Security Advisory

CVE-2025-61939

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-07 19:56:52

Last updated 2026-01-07 20:07:45

Assigner icscert

State PUBLISHED

Description

An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the local network with admin access to the web server, and the ability to manipulate DNS responses, can redirect the SSH connection to an attacker controlled device.

← Browse all CVEs View on cve.org ↗