CVE-2025-48413 – Apache Device Hard-Coded Root Password Backdoor

May 21, 2025

CVE ID : CVE-2025-48413

Published : May 21, 2025, 12:16 p.m. | 2 hours, 34 minutes ago

Description : The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system “root” user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to log into the device. Authentication can be performed via SSH backdoor or likely via physical access (UART shell).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48414 – Apache Web Interface Unauthenticated Script Execution Vulnerability

Next Article CVE-2025-3781 – WordPress Raisely Donation Form Stored Cross-Site Scripting Vulnerability

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

I found the ultimate MacBook Air alternative for Windows users – and it’s priced well

Outdated IT help desks are holding businesses back – but there is a solution

Android’s latest update can force apps into dark mode – how to see it now

I tried the Google Pixel Watch 4 – and these key features made it feel indispensable

Building Cross-Platform Alerts with Laravel’s Notification Framework

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

How to install OpenPlatform — IoT platform

Basics of Digital Forensics

Basics of Digital Forensics

Top Linux Server Automation Tools: Simplifying System Administration

Rising from the Ashes: How AlmaLinux and Rocky Linux Redefined the Post-CentOS Landscape

CVE-2025-48413 – Apache Device Hard-Coded Root Password Backdoor

“What happens online stays online” and other cyberbullying myths, debunked

The need for speed: Why organizations are turning to rapid, trustworthy MDR

CVE-2025-5223 – CVE-2022-36462: Apache HTTP Server Remote Code Execution

CVE-2025-46014 – Honor PC Manager Named Pipe Privilege Escalation Vulnerability

CVE-2025-49586 – XWiki Remote Code Execution Vulnerability

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

CVE-2024-53013 – Google Android Audio Call Registration Buffer Overflow

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

Xbox Game Pass just had its strongest content quarter ever, but can we expect this level of quality forever?

Ubuntu 25.10 Codename Revealed — or an April Fools’ Prank?

CVE-2025-48413 – Apache Device Hard-Coded Root Password Backdoor

Related Posts