Severity by source
AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
SSH management-plane access is adjacent (AV:A); high privilege required to reach CLI (PR:H); admin must issue the exposing command (UI:R); only confidentiality impacted via secret leakage (C:H/I:N/A:N).
Primary rating from Vendor (airbus).
CVSS VectorVendor: airbus
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included)
There is a possible leak of secret information if administration commands have been passed with the CLI command line tool.
Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password.
AnalysisAI
Secret credential leakage in StormShield Network Security's CLI tool exposes the proxy CA passphrase or TPM password to other users sharing an SSH session on the firewall appliance. Affected versions span three distinct branches - 4.3.0-4.3.41, 4.8.0-4.8.15, and 5.0.0-5.0.5 - and exploitation is gated behind SSH multiuser mode being explicitly enabled. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | SSH multiuser mode must be explicitly enabled on the StormShield Network Security appliance - this is a non-default configuration that must be deliberately activated by an administrator. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS base score of 4.3 (Medium) accurately reflects the constrained exploitation conditions: adjacency requirement (AV:A), high privilege prerequisite (PR:H), and mandatory user interaction (UI:R) together mean a remote, unauthenticated attacker cannot exploit this directly. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A malicious insider or attacker who has compromised a secondary SSH administrative account on an SNS appliance with SSH multiuser mode enabled monitors shared shell resources - such as process argument lists, command history files, or verbose logs - while a legitimate administrator issues a CLI administration command that includes the proxy CA passphrase or TPM password. The attacker captures the secret from this observable output and subsequently uses the TPM password to access hardware-protected cryptographic material or the CA passphrase to issue fraudulent certificates, enabling decryption of SSL-inspected traffic or broader credential theft. … |
| Remediation | Consult the Stormshield advisory at https://advisories.stormshield.eu/2025-007/ for confirmed patched versions and upgrade instructions - exact fixed release numbers are not independently confirmed in the available data beyond the advisory reference itself. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Stormshield Network Security
View allzlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header
The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet
The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication m
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ p
An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. Rated high severity (CVSS 7.5), this vulnera
An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x
An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through
ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a cr
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a craft
Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific for
An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. Rated high severity (CVSS 7.5), this v
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x b
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41271
GHSA-wcc8-vcvw-p9m3