PatchSiren

Sunbird CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Sunbird CVE published 2025-12-04

CVE-2025-66238

CVE-2025-66238 affects Sunbird DCIM dcTrack and Power IQ. According to CISA’s advisory, an authenticated user with access to the appliance’s virtual console could misuse remote access features to redirect network traffic, which may expose restricted services or data on the host machine. CISA published the advisory on 2025-12-04 and lists vendor guidance to update affected products or apply access restrict [truncated]

MEDIUM Sunbird CVE published 2025-12-04

CVE-2025-66237

Sunbird DCIM dcTrack and Power IQ platforms contain default and hard-coded credentials that enable administrative database access, privilege escalation, and host command execution. CISA published advisory ICSA-25-338-05 on December 4, 2025, assigning CVSS 3.1 score 6.7 (MEDIUM). The vulnerability requires local access and high privileges to exploit, but successful exploitation yields complete confidential [truncated]