CVE-2025-27846

MEDIUM EPSS 7.1%

Published Aug 14, 202510mo ago · Modified Jun 17, 20261w ago

4.3 CVSS 3.1

Medium

Published Aug 14, 2025 10mo ago

Last Modified Jun 17, 2026 1w ago

Description

In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected.

CVSS Details

Base Score

4.3

Exploitability

0.9

Impact

3.4

Vector string

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector Physical

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability Low

Threat Intelligence

EPSS Exploit Probability

7.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-269 Improper Privilege Management Authorization

References 2

espec.com https://espec.com
espec.com https://espec.com/na/about/detail/cve_2025_27846

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.