CVE-2025-66237

low-risk

Published 2025-12-04

DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

References (2)

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-33...

https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-05

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal