Vulnerabilities ›

CVE-2025-66620

High

Webshell Vulnerability in Columbia Weather MicroServer Firmware Enables Privilege Escalation

CWE-553 — Weakness Type

                    Published: Jan 7, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

8.0

🔗 NVD Official

📄 Description (English)

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the file system.

🤖 AI Executive Summary

CVE-2025-66620 is a high-severity vulnerability in MicroServer that allows attackers with admin access to exploit an unused webshell for unlimited login attempts and gain shell access with sudo privileges. This enables persistence through reverse shells and unauthorized modification or deletion of stored data.

📄 Description (Arabic)

يحتوي MicroServer على ويب شيل غير مستخدم يسمح بمحاولات تسجيل دخول غير محدودة للمسؤولين الذين لديهم حقوق sudo على ملفات ومجلدات معينة. يمكن للمهاجمين الذين يمتلكون حق الوصول الإداري استخدام هذه الثغرة لإنشاء أصداف عكسية والحفاظ على الوصول المستمر وتعديل أو حذف البيانات المخزنة في نظام الملفات.

🤖 ملخص تنفيذي (AI)

A high-severity flaw in MicroServer permits administrators to leverage an abandoned webshell to bypass login restrictions and acquire limited shell access with elevated sudo permissions. Attackers can establish persistent reverse shells and manipulate or erase filesystem data.

🤖 AI Intelligence Analysis Analyzed: May 1, 2026 20:32

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government energy banking healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1078 T1098 T1059 T1021

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Immediately remove or disable the unused webshell from MicroServer installations. Apply the latest security patches from the vendor. Implement strict access controls limiting admin privileges. Monitor for suspicious shell access attempts and reverse shell connections. Conduct forensic analysis for signs of compromise or data tampering.

🔧 خطوات المعالجة (العربية)

قم بإزالة أو تعطيل الويب شيل غير المستخدم فوراً من تثبيتات MicroServer. طبق أحدث تصحيحات الأمان من المورد. طبق ضوابط وصول صارمة تحد من امتيازات المسؤول. راقب محاولات الوصول إلى الأصداف المريبة واتصالات الأصداف العكسية. أجرِ تحليلاً جنائياً للتحقق من علامات الاختراق أو تعديل البيانات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.2.1 5.3.1

🔵 SAMA CSF

CC-6.1 CC-7.2 CC-9.1

🟡 ISO 27001:2022

A.9.2.1 A.9.4.3 A.12.4.1

🔗 References & Sources 2

🔗

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.json

ics-cert@hq.dhs.gov

Third Party Advisory

🔗

https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01

ics-cert@hq.dhs.gov

Third Party Advisory US Government Resource

📦 Affected Products / CPE 1 entries

columbiaweather:weather_microserver_firmware

📊 CVSS Score

8.0

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorA — Adjacent

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.0

CWECWE-553

EPSS0.07%

Exploit No

Patch ✓ Yes

Published 2026-01-07

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-553

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2025-66620

💬 Comments

Introduce Yourself

Sign In Required