CVE-2025-66238

🗓️ 04 Dec 2025 21:10:11Reported by icscertType

CVE-2025-66238: Authenticated users with virtual console can bypass authentication and redirect traffic in Sunbird DCIM.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-66238	4 Dec 202511:00	–	circl
CNNVD	Sunbird DCIM dcTrack 安全漏洞	4 Dec 202500:00	–	cnnvd
Cvelist	CVE-2025-66238 Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel	4 Dec 202521:10	–	cvelist
EUVD	EUVD-2025-201312	5 Dec 202500:31	–	euvd
NVD	CVE-2025-66238	4 Dec 202522:15	–	nvd
Positive Technologies	PT-2025-49148	4 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-66238	5 Dec 202521:34	–	redhatcve
Vulnrichment	CVE-2025-66238 Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel	4 Dec 202521:10	–	vulnrichment

Vulners

Node

sunbird dcim_dctrackRange≤9.2.0

sunbird iqRange≤9.2.0

[
  {
    "defaultStatus": "unaffected",
    "product": "DCIM dcTrack",
    "vendor": "Sunbird",
    "versions": [
      {
        "lessThanOrEqual": "v9.2.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "9.2.3"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "IQ",
    "vendor": "Sunbird",
    "versions": [
      {
        "lessThanOrEqual": "v9.2.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "9.2.1"
      }
    ]
  }
]

Source	Link
github	www.github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-338-05.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-25-338-05

15 Apr 2026 00:35Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.17.2

CVSS 47.4

EPSS0.00052

SSVC

CWE-288