Security Advisory

CVE-2025-52548

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-02 11:26:08

Last updated 2025-09-02 13:28:08

Assigner Armis

State PUBLISHED

Description

E3 Site Supervisor Control (firmware version < 2.31F01) contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the underlying OS.

← Browse all CVEs View on cve.org ↗