
CVE-2025-1100

Severity: Critical

Published: 12 February 2025
Modified: 24 October 2025
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0185 (percentile 83.1)
Risk Priority: 21 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-1100, published on 2025-02-12, is a critical vulnerability with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) affecting Q-Free MaxTime versions less than or equal to 2.11.0. The issue is classified as CWE-259, involving the use of a hard-coded password for the root account. This flaw allows an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH.

Any unauthenticated attacker with network access to the affected system can exploit this vulnerability by authenticating over SSH using the hard-coded root password. Successful exploitation grants full root-level access, enabling arbitrary code execution that can result in complete compromise of the system, including high impacts to confidentiality, integrity, and availability.

Mitigation details are available in the advisory from Nozomi Networks at https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-1100.

Details

CWE(s)
CWE-259

Affected Products

q-free maxtime ≤ 2.11.0

MITRE ATT&CK Enterprise Techniques

T1078.001 Default Accounts (Stealth)
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1133 External Remote Services (Persistence)
Adversaries may leverage external-facing remote services to initially access and/or persist within a network.

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The hard-coded root password enables default-account abuse (T1078.001), giving unauthenticated remote access through the exposed SSH service (T1133, T1190) and resulting in root-level arbitrary code execution.
