CVE-2025-48413 – Apache Device Hard-Coded Root Password Backdoor

May 21, 2025

CVE ID : CVE-2025-48413

Published : May 21, 2025, 12:16 p.m. | 2 hours, 34 minutes ago

Description : The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system “root” user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to log into the device. Authentication can be performed via SSH backdoor or likely via physical access (UART shell).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48414 – Apache Web Interface Unauthenticated Script Execution Vulnerability

Next Article CVE-2025-3781 – WordPress Raisely Donation Form Stored Cross-Site Scripting Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

My favorite gaming service is 40% off right now (and no, it’s not Xbox Game Pass)

A timeline of JavaScript’s history

A timeline of JavaScript’s history

Loading JSON Data into Snowflake From Local Directory

Streamline Conditional Logic with Laravel’s Fluent Conditionable Trait

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

CVE-2025-48413 – Apache Device Hard-Coded Root Password Backdoor

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-47535 – Opal Woo Custom Product Variation Path Traversal

really simple python script that organizes a Pip or Brew List if you copy and paste them so that you can store themm just in case

Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals’ Data

⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors

This slick Linux browser is like a tricked-out Opera – and it’s faster than Firefox

Uploading Datasets to Hugging Face: A Step-by-Step Guide

CVE-2024-58101 – Samsung Galaxy Buds Audio Devices Bluetooth Pairing Remote Takeover Vulnerability

AI-Powered Deception is a Menace to Our Societies

CVE-2025-48413 – Apache Device Hard-Coded Root Password Backdoor

Related Posts