CVE-2025-66238 affects Sunbird DCIM dcTrack and Power IQ. According to CISA’s advisory, an authenticated user with access to the appliance’s virtual console could misuse remote access features to redirect network traffic, which may expose restricted services or data on the host machine. CISA published the advisory on 2025-12-04 and lists vendor guidance to update affected products or apply access restrict [truncated]
Sunbird DCIM dcTrack and Power IQ platforms contain default and hard-coded credentials that enable administrative database access, privilege escalation, and host command execution. CISA published advisory ICSA-25-338-05 on December 4, 2025, assigning CVSS 3.1 score 6.7 (MEDIUM). The vulnerability requires local access and high privileges to exploit, but successful exploitation yields complete confidential [truncated]