CVE-2025-47416

MEDIUM EPSS 26.4%
Published Sep 9, 20259mo ago · Modified Jun 17, 20262w ago
5.9 CVSS 4.0
Medium
Find Similar
Published Sep 9, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago

Description

A vulnerability exists in the ConsoleFindCommandMatchList function in libsymproc. so imported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList. A third-party researcher discovered that the ConsoleFindCommandMatchList enumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command's file name.  Confirmed Affected Hardware: TSW-760, TSW-1060 Confirmed Affected Firmware: 3.002.1061  Fixed Firmware: no fixed released (product is discontinued and end of life)   For x70   The Affected Firmware:- 3.000.0110.001  and versions below The Fixed Firmware:- 3.001.0031.001

CVSS Details

Base Score
5.9
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity High
Privileges Required High
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
26.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-697

References 2

  • security.crestron.com https://security.crestron.com
  • crestron.com https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-002-0040-001

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.