
CVE-2025-10650: CWE-269 Improper Privilege Management in SoftIron HyperCloud

Severity: High
Type: Vulnerability
Tags: CVE-2025-10650, cve, cve-2025-10650, cwe-269
Published: Thu Sep 18 2025 (09/18/2025, 19:11:51 UTC)
Source: CVE Database V5
Vendor/Project: SoftIron
Product: HyperCloud

Description

SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH.

AI-Powered Analysis

Last updated: 09/18/2025, 19:13:53 UTC

Technical Analysis

CVE-2025-10650 is a high-severity vulnerability affecting SoftIron HyperCloud versions 2.5.0 through 2.6.3. The issue stems from improper privilege management (CWE-269): under certain conditions the software may incorrectly add user SSH keys to the administrator-level authorized keys. A user whose key is added this way can escalate to administrator level via SSH. The vulnerability is remotely exploitable over the network (AV:N) with low attack complexity (AC:L), but requires low privileges (PR:L) and active user interaction (UI:A). The impact on confidentiality, integrity, and availability is high, as an attacker gaining admin SSH access can fully control the system, potentially leading to data breaches, system manipulation, or service disruption. HyperCloud is used for cloud and data center management, so the vulnerability affects critical infrastructure components that it manages. No known exploits are currently reported in the wild, but the high CVSS score (8.8) and the nature of the flaw make it a significant risk if exploited. The absence of published patches at this time increases the urgency for mitigation and monitoring.

Potential Impact

For European organizations, this vulnerability poses a substantial risk, especially for enterprises and service providers relying on SoftIron HyperCloud for cloud infrastructure management. Unauthorized admin access could lead to exposure of sensitive data, disruption of cloud services, and compromise of business-critical operations. Given the high level of privilege escalation, attackers could deploy ransomware, exfiltrate intellectual property, or manipulate cloud resources to launch further attacks. The impact is particularly severe for sectors such as finance, healthcare, and government, where data confidentiality and service availability are paramount. Additionally, compliance with GDPR and other data protection regulations could be jeopardized if unauthorized access leads to data breaches, resulting in legal and financial penalties.

Mitigation Recommendations

Organizations should immediately audit SSH authorized keys on all affected HyperCloud instances to detect any unauthorized additions at the administrator level. Restrict SSH access to trusted IP ranges and enforce multi-factor authentication for all administrative accounts. Until a vendor patch is released, consider isolating HyperCloud management interfaces from public networks and implementing strict network segmentation. Monitor SSH logs and system access for unusual activity indicative of privilege escalation attempts. Employ host-based intrusion detection systems (HIDS) to alert on unauthorized key changes. Engage with SoftIron support to obtain any available workarounds or patches and plan for prompt deployment once available. Additionally, review and tighten internal processes for SSH key management to prevent accidental or malicious key misconfigurations.
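One way to carry out the authorized-keys audit recommended above, as an added example (not code from SoftIron or from this page): it fingerprints every entry in an authorized_keys file and reports those missing from an approved set. The sample file contents, key blobs and approved set are constructed; the location of the administrator-level authorized_keys file on HyperCloud is not given here, so supply the real file's text yourself.

```python
import base64
import hashlib
import re

KEY_RE = re.compile(
    r"(?:^|\s)(ssh-(?:rsa|ed25519|dss)|ecdsa-sha2-nistp(?:256|384|521)"
    r"|sk-(?:ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)"
    r"\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$"
)
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')

def fingerprint(blob_b64):
    """SHA256 fingerprint in the format printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (line_no, key_type, fingerprint, comment) for each key line."""
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Blank out quoted option values so they are not taken for the key.
        match = KEY_RE.search(QUOTED.sub('""', line))
        if match:
            key_type, blob, comment = match.groups()
            yield line_no, key_type, fingerprint(blob), comment or ""

def unapproved_keys(text, approved):
    """Return key entries whose fingerprint is not in the approved set."""
    return [e for e in parse_authorized_keys(text) if e[2] not in approved]

# Constructed sample: the blobs are placeholder bytes, not real keys.
def sample_blob(label):
    return base64.b64encode(label).decode()

SAMPLE = "\n".join([
    "# admin authorized_keys (constructed)",
    "ssh-ed25519 " + sample_blob(b"constructed-admin-key") + " admin@mgmt",
    'from="10.0.0.0/8",command="echo ssh-rsa AAAA" ssh-rsa '
    + sample_blob(b"constructed-ops-key") + " ops@mgmt",
    "ssh-ed25519 " + sample_blob(b"constructed-user-key") + " tenant-user@laptop",
])
APPROVED = {fingerprint(sample_blob(b"constructed-admin-key")),
            fingerprint(sample_blob(b"constructed-ops-key"))}

if __name__ == "__main__":
    for line_no, key_type, fp, comment in unapproved_keys(SAMPLE, APPROVED):
        print(f"line {line_no}: unapproved {key_type} {fp} ({comment})")
```

Build the approved set from fingerprints recorded out of band (for example from `ssh-keygen -lf` on each administrator's public key), not from the file being audited.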


Technical Details

Data Version: 5.1
Assigner Short Name: SoftIron
Date Reserved: 2025-09-17T18:55:07.506Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 68cc59e1db1798280b3a58f4

Added to database: 9/18/2025, 7:13:37 PM

Last enriched: 9/18/2025, 7:13:53 PM

Last updated: 9/18/2025, 8:46:19 PM
