CVE-2025-48413 – Apache Device Hard-Coded Root Password Backdoor

May 21, 2025

CVE ID : CVE-2025-48413

Published : May 21, 2025, 12:16 p.m. | 2 hours, 34 minutes ago

Description : The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system “root” user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to log into the device. Authentication can be performed via SSH backdoor or likely via physical access (UART shell).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48414 – Apache Web Interface Unauthenticated Script Execution Vulnerability

Next Article CVE-2025-3781 – WordPress Raisely Donation Form Stored Cross-Site Scripting Vulnerability

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

15 Top Node.js Development Service Providers for Large Enterprises in 2026

Droip: The Modern Website Builder WordPress Needed

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

Microsoft’s new Surface Laptop 13-inch is now priced how I thought it should’ve always been — all thanks to this Prime Day deal that WON’T last forever

WWE 2K25 is getting a new story starring Bray Wyatt that will “get people emotional” — but not for PC or last-gen console players

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Deno 2.4: deno bundle is back

From Silos to Synergy: Accelerating Your AI Journey

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

Microsoft’s new Surface Laptop 13-inch is now priced how I thought it should’ve always been — all thanks to this Prime Day deal that WON’T last forever

CVE-2025-48413 – Apache Device Hard-Coded Root Password Backdoor

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

CVE-2025-48269 – WPAdverts Cross-Site Scripting (XSS)

CVE-2025-6662 – PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure

Celebrating GAAD by Committing to Universal Design: Starting with Tolerance for Error

TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert

OpenWISP – modular and programmable network management system

Critical AMI BMC Vulnerability: Patch Your ASUS Workstation Now

CVE-2025-2775 – SysAid On-Prem XXE Remote Code Execution

CVE-2025-5059 – Campcodes Online Shopping Portal Unrestricted File Upload Vulnerability

CVE-2025-48413 – Apache Device Hard-Coded Root Password Backdoor

Related Posts