Error type:
CWE-693: Protection Mechanism Failure
Vulnerability vector:
- Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
- Severity (CVSSv4.0): 4.8 (medium)
Description:
The vulnerability was identified in RedOS, version 7.3.5-20241106.3.
The vulnerability in the RedOS kiosk utility is caused by incorrect restrictions. Exploitation of the vulnerability may allow an attacker to execute arbitrary commands on the system outside the imposed restrictions.
Vulnerability status: Confirmed by vendor
Date of vulnerability remediation: 13.05.2025
Recommendations:
- Update the package to redos-kiosk-utils-0:0.20-1.el7.x86_64.
Additional information: Security advisory
Researcher: Aleksandr Starikov (Positive Technologies)
Identifiers:
BDU:2025-04865
Vendor:
РЕД СОФТ
Vulnerable product:
RedOS (redos-kiosk-utils)
Vulnerable versions:
7.3.5-20241106.3 (redos-kiosk-utils: < v0.20-1)