CVE-2025-1424 - Vulnerability Details - OpenCVE

A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device. This issue affects InkPad Color 3 in version U743k3.6.8.3671.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://www.redguard.ch/blog/2025/03/04/security-advisory-pocketbook-inkpad-color-3/

History

Tue, 04 Mar 2025 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 04 Mar 2025 15:45:00 +0000

Type	Values Removed	Values Added
Description		A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device. This issue affects InkPad Color 3 in version U743k3.6.8.3671.
Title		Privilege Escalation Through SUID Binary and Developer Mode
Weaknesses		CWE-269
References		https://www.redguard.ch/blog/2025/03/04/security-advisory-pocketbook-inkpad-color-3/
Metrics		cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

MITRE

Status: PUBLISHED

Assigner: NCSC.ch

Published: 2025-03-04T15:25:47.223Z

Updated: 2025-03-04T15:51:17.649Z

Reserved: 2025-02-18T14:15:52.815Z

Link: CVE-2025-1424

Vulnrichment

Updated: 2025-03-04T15:50:55.888Z

NVD

Status : Received

Published: 2025-03-04T16:15:36.663

Modified: 2025-03-04T16:15:36.663

Link: CVE-2025-1424

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1424", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "state": "PUBLISHED", "assignerShortName": "NCSC.ch", "dateReserved": "2025-02-18T14:15:52.815Z", "datePublished": "2025-03-04T15:25:47.223Z", "dateUpdated": "2025-03-04T15:51:17.649Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Linux", "ARM"], "product": "InkPad Color 3", "vendor": "PocketBook", "versions": [{"status": "affected", "version": "U743k3.6.8.3671", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Benjamin Faller, Redguard AG"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A privilege escalation vulnerability in PocketBook InkPad Color 3 <span style=\"background-color: transparent;\">allows attackers to escalate to root privileges if they gain physical access to the device.</span><br><p>This issue affects InkPad Color 3 in version U743k3.6.8.3671.</p>"}], "value": "A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device.\nThis issue affects InkPad Color 3 in version U743k3.6.8.3671."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2025-03-04T15:25:47.223Z"}, "references": [{"tags": ["third-party-advisory", "exploit"], "url": "https://www.redguard.ch/blog/2025/03/04/security-advisory-pocketbook-inkpad-color-3/"}], "source": {"discovery": "UNKNOWN"}, "title": "Privilege Escalation Through SUID Binary and Developer Mode", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T15:50:47.861081Z", "id": "CVE-2025-1424", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T15:51:17.649Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1424", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-04T15:50:47.861081Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T15:50:55.888Z"}}], "cna": {"title": "Privilege Escalation Through SUID Binary and Developer Mode", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Benjamin Faller, Redguard AG"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233 Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PocketBook", "product": "InkPad Color 3", "versions": [{"status": "affected", "version": "U743k3.6.8.3671", "versionType": "custom"}], "platforms": ["Linux", "ARM"], "defaultStatus": "unknown"}], "references": [{"url": "https://www.redguard.ch/blog/2025/03/04/security-advisory-pocketbook-inkpad-color-3/", "tags": ["third-party-advisory", "exploit"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device.\nThis issue affects InkPad Color 3 in version U743k3.6.8.3671.", "supportingMedia": [{"type": "text/html", "value": "A privilege escalation vulnerability in PocketBook InkPad Color 3 <span style=\"background-color: transparent;\">allows attackers to escalate to root privileges if they gain physical access to the device.</span><br><p>This issue affects InkPad Color 3 in version U743k3.6.8.3671.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "455daabc-a392-441d-aa46-37d35189897c", "shortName": "NCSC.ch", "dateUpdated": "2025-03-04T15:25:47.223Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1424", "state": "PUBLISHED", "dateUpdated": "2025-03-04T15:51:17.649Z", "dateReserved": "2025-02-18T14:15:52.815Z", "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c", "datePublished": "2025-03-04T15:25:47.223Z", "assignerShortName": "NCSC.ch"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device.\nThis issue affects InkPad Color 3 in version U743k3.6.8.3671."}], "id": "CVE-2025-1424", "lastModified": "2025-03-04T16:15:36.663", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}, "published": "2025-03-04T16:15:36.663", "references": [{"source": "vulnerability@ncsc.ch", "url": "https://www.redguard.ch/blog/2025/03/04/security-advisory-pocketbook-inkpad-color-3/"}], "sourceIdentifier": "vulnerability@ncsc.ch", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "vulnerability@ncsc.ch", "type": "Secondary"}]}