CVE-2025-27080

MEDIUM Year: 2025
CVSS v3 Score
6.0
Medium
Weakness Type
CWE-359
View all →

Vulnerability Description

Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services.

Related Vulnerabilities

CVE-2022-24719

MEDIUM
CVSS:6.1(Medium)

Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or ...

CWE-3592022

CVE-2024-30321

HIGH
CVSS:5.9(Medium)

A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (...

CWE-3592024

CVE-2024-38103

MEDIUM
CVSS:5.9(Medium)

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CWE-3592024

CVE-2025-0683

HIGH
CVSS:5.9(Medium)

In its default configuration, Contec Health CMS8000 Patient Monitor transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a...

CWE-3592025

CVE-2023-44156

MEDIUM
CVSS:5.7(Medium)

Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.

CWE-3592023

CVE-2024-49386

MEDIUM
CVSS:5.7(Medium)

Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.

CWE-3592024