CVE-2025-2762 – CarlinKit CPC200-CCPA Root of Trust Failure Privilege Escalation Vulnerability

April 23, 2025

CVE ID : CVE-2025-2762

Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago

Description : CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of a properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-25948.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2765 – CarlinKit CPC200-CCPA Hard-Coded Credentials Authentication Bypass

Next Article CVE-2025-2763 – CarlinKit CPC200-CCPA Cryptographic Signature Verification Bypass Code Execution Vulnerability

Highlights

CVE-2025-4080 – “PHPGurukul Online Nurse Hiring System SQL Injection Vulnerability”

April 29, 2025

CVE ID : CVE-2025-4080

Published : April 29, 2025, 8:15 p.m. | 2 hours, 53 minutes ago

Description : A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-request.php. The manipulation of the argument viewid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-2762 – CarlinKit CPC200-CCPA Root of Trust Failure Privilege Escalation Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

State of CSS 2025

CVE-2025-5505 – TOTOLINK A3002RU Cross-Site Scripting Vulnerability in Virtual Server Page

Meta AI Proposes Multi-Token Attention (MTA): A New Attention Method which Allows LLMs to Condition their Attention Weights on Multiple Query and Key Vectors

Cheque Printing for Corporate Finance Teams: Streamlining UAE Payments

CVE-2025-4080 – “PHPGurukul Online Nurse Hiring System SQL Injection Vulnerability”

CVE-2025-6100 – Realguoshuai Open-Video-CMS SQL Injection Vulnerability

CVE-2025-3647 – Moodle Information Disclosure

CVE-2025-55156 – PyLoad SQL Injection Vulnerability

CVE-2025-2762 – CarlinKit CPC200-CCPA Root of Trust Failure Privilege Escalation Vulnerability

Related Posts