CVE-2025-2762

NONE EPSS 5.5%

Published Apr 23, 20251y ago · Modified Jun 17, 20261w ago

Published Apr 23, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-25948.

Threat Intelligence

EPSS Exploit Probability

5.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-1326

Affected Products 2

Vendor	Product	Version	Range
carlinkit	autokit	2024.01.19.1541	any
carlinkit	cpc200-ccpa	*	any

References 1

zerodayinitiative.com https://www.zerodayinitiative.com/advisories/ZDI-25-176/

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.