PatchSiren

CVE-2025-66238 Sunbird CVE debrief

CVE-2025-66238 affects Sunbird DCIM dcTrack and Power IQ. According to CISA’s advisory, an authenticated user with access to the appliance’s virtual console could misuse remote access features to redirect network traffic, which may expose restricted services or data on the host machine. CISA published the advisory on 2025-12-04 and lists vendor guidance to update affected products or apply access restrictions if immediate updating is not possible.

Vendor: Sunbird
Product: DCIM dcTrack
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-12-04
Original CVE updated: 2025-12-04
Advisory published: 2025-12-04
Advisory updated: 2025-12-04

Who should care

Administrators and operators of Sunbird DCIM dcTrack and Power IQ, especially environments that expose virtual console, SSH, or other non-essential management access to the appliance.

Technical summary

The issue is described as misuse of certain remote access features by an authenticated user who already has access to the appliance’s virtual console. The practical impact is traffic redirection from the appliance in a way that could allow access to restricted services or data on the host machine. The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, which aligns with a medium-severity impact requiring high privileges.

Defensive priority

Medium. Prioritize remediation where management interfaces or virtual console access are reachable by more users than necessary, or where the appliance sits in sensitive network segments.

Recommended defensive actions

  • Update dcTrack to 9.2.3.
  • Update Power IQ to 9.2.1.
  • If immediate updating is not possible, restrict SSH or other non-essential port access in IP-based access control.
  • Change passwords for SSH-based user accounts at deployment time.
  • Review which administrators and support users can access the appliance virtual console and remove unnecessary access.

Evidence notes

Source evidence comes from CISA’s CSAF advisory ICSA-25-338-05, published 2025-12-04, which identifies Sunbird as the vendor and lists dcTrack and Power IQ as affected products. The advisory describes authenticated misuse of virtual console remote access features leading to possible redirection of network traffic and exposure of restricted services or data. The supplied data also includes Sunbird remediation guidance and a CVSS v3.1 score of 6.5 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N). No KEV entry is provided in the supplied corpus.

Official resources

Public advisory from CISA on 2025-12-04. The supplied corpus does not include KEV listing information or evidence of active exploitation.