CVE-2025-36729: CWE-269 Improper Privilege Management in RACOM M!DGE2

High
Published: Tue Aug 26 2025 (08/26/2025, 16:26:08 UTC)
Source: CVE Database V5
Vendor/Project: RACOM
Product: M!DGE2

Description

A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid.

AI-Powered Analysis

AI analysis last updated: 08/26/2025, 17:03:10 UTC

Technical Analysis

CVE-2025-36729 is a high-severity vulnerability in RACOM's M!DGE2 device, affecting version 4.0. It stems from improper privilege management (CWE-269) in the device's web interface: the interface distinguishes between administrative rights and shell access permissions, but does not enforce that distinction consistently. A non-primary administrator who holds admin rights to the web interface, but not shell access, can display the full device configuration, which includes the master administrator password, and can grant themselves shell access with the root gid. Either outcome alone defeats the intended separation: the disclosed password lets the secondary admin authenticate as the master admin, and a shell in the root group gives them direct access to the underlying operating system. The CVSS 3.1 base score of 7.2 (vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) reflects network reachability, low attack complexity, no user interaction and high impact on confidentiality, integrity and availability; the score stays below the critical range only because the attacker must already hold high privileges (PR:H), that is, a web admin account. Because that precondition is met by every secondary administrator, the practical risk is an insider or compromised-admin-account escalation to root-level control of the device. No known exploits have been reported in the wild and no patches are linked yet, so affected organizations should prioritize mitigation and monitoring. M!DGE2 devices are typically deployed in industrial and critical infrastructure communication networks, which increases the consequences of exploitation.
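To make the weakness class concrete, the following is an added, hypothetical model of the authorization pattern the description implies. It is not RACOM firmware code; the user names, permission fields, function names and the sample secret are assumptions. The same device model is run twice, once reproducing the flaw (any web admin can read the full configuration and change shell permissions, including their own) and once with the checks a hardened implementation would apply: secrets redacted for non-primary admins, permission changes restricted to the primary admin, no self-elevation, and the root group never grantable from the web interface.

```python
"""
Hypothetical model of the CWE-269 pattern described for CVE-2025-36729.
Added illustration only: not RACOM firmware code, all names are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class User:
    name: str
    web_admin: bool          # may use the administrative web interface
    shell: bool              # may open a shell on the device
    gid: int = 1000          # POSIX group the shell runs with
    primary: bool = False    # the one "master" administrator


@dataclass
class Device:
    users: Dict[str, User]
    master_password: str
    enforce_role_separation: bool = True   # False reproduces the flaw

    def export_config(self, actor: str) -> dict:
        """Return the device configuration as seen by 'actor'."""
        a = self.users[actor]
        if not a.web_admin:
            raise PermissionError("web admin rights required")
        cfg = {"users": {u.name: {"shell": u.shell, "gid": u.gid}
                         for u in self.users.values()}}
        # Vulnerable: every web admin sees the master credential.
        # Hardened: only the primary admin sees it; others get a redacted view.
        if a.primary or not self.enforce_role_separation:
            cfg["master_password"] = self.master_password
        else:
            cfg["master_password"] = "<redacted>"
        return cfg

    def set_shell_access(self, actor: str, target: str, allow: bool, gid: int) -> None:
        """Change shell permission and shell gid of 'target' on behalf of 'actor'."""
        a = self.users[actor]
        if not a.web_admin:
            raise PermissionError("web admin rights required")
        if self.enforce_role_separation:
            if not a.primary:
                raise PermissionError("only the primary admin may change shell access")
            if target == actor:
                raise PermissionError("self-modification of privileges is not allowed")
            if gid == 0:
                raise PermissionError("root group cannot be granted from the web interface")
        t = self.users[target]
        t.shell = allow
        t.gid = gid


def make_device(enforce: bool) -> Device:
    """Constructed sample: a primary admin plus one secondary admin without shell."""
    return Device(
        users={
            "master": User("master", web_admin=True, shell=True, gid=0, primary=True),
            "ops": User("ops", web_admin=True, shell=False),
        },
        master_password="constructed-sample-secret",
        enforce_role_separation=enforce,
    )


def secondary_admin_attack(enforce: bool) -> dict:
    """Perform the two steps from the advisory as secondary admin 'ops'."""
    dev = make_device(enforce)
    result: Dict[str, Optional[object]] = {"password_disclosed": False,
                                           "shell_granted": False, "gid": None}
    # Step 1: display the configuration and look for the master password.
    cfg = dev.export_config("ops")
    result["password_disclosed"] = cfg["master_password"] == dev.master_password
    # Step 2: grant ourselves a shell in the root group.
    try:
        dev.set_shell_access("ops", "ops", allow=True, gid=0)
        result["shell_granted"] = dev.users["ops"].shell
        result["gid"] = dev.users["ops"].gid
    except PermissionError as exc:
        result["denied"] = str(exc)
    return result


if __name__ == "__main__":
    print("vulnerable:", secondary_admin_attack(enforce=False))
    print("hardened:  ", secondary_admin_attack(enforce=True))
```

The hardened branch applies three independent checks rather than one, so that removing any single check (for example allowing the primary admin to edit itself) does not reopen the path from a secondary web admin to a root-group shell.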

Potential Impact

For European organizations in critical infrastructure sectors such as energy, transportation and industrial automation that rely on RACOM M!DGE2 devices for communication links, this vulnerability presents a significant risk. Exploitation discloses sensitive configuration data, including the master admin credentials, and yields a root-group shell, giving the attacker persistent control of the device. From there, the communication links the device carries can be manipulated or disrupted, leading to operational downtime, data exposure or sabotage. Because the device links systems together, the confidentiality, integrity and availability impacts can extend to interconnected systems and cause cascading failures. Given the role of industrial control systems in Europe's energy grids and manufacturing sectors, successful exploitation could have severe economic and safety consequences. The attack requires no user interaction and is performed over the network through the ordinary web interface, so it is most dangerous in environments where several administrators hold web interface access but are deliberately kept without shell permissions, since that separation is exactly what the flaw removes. It also means that any secondary admin account that has been compromised, shared, or left active after staff changes should be treated as a possible path to the master password.

Mitigation Recommendations

European organizations running RACOM M!DGE2 version 4.0 should immediately audit the accounts on each device's web interface and keep admin rights to the smallest set of fully trusted administrators; every non-primary admin account should be justified or removed, because each one is an account that can read the master password. Treat the master admin password as potentially exposed wherever a non-primary admin has had web access: rotate it, and review the device's user and shell settings for accounts that have acquired shell access or a gid of 0 they were not originally assigned. Isolate M!DGE2 devices from the wider enterprise network through segmentation and restrict management access to dedicated administrative hosts or jump systems. Monitor device logs for configuration display or export by secondary admins and for changes to user permissions or shell access. Until a patch is available, apply compensating controls: multi-factor authentication in front of the web interface where the firmware or an upstream gateway supports it, and enhanced logging and review of administrative actions. Contact RACOM support for firmware updates addressing this vulnerability and apply them as soon as they are released. Include these devices in regular security assessments and penetration tests with a focus on privilege escalation between web and shell roles, and establish incident response plans for a compromised M!DGE2 so that a device can be re-credentialed or replaced quickly if exploitation is detected.

Technical Details

Data Version: 5.1
Assigner Short Name: tenable
Date Reserved: 2025-04-15T21:53:52.386Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68ade535ad5a09ad0059d7e9

Added to database: 8/26/2025, 4:47:49 PM

Last enriched: 8/26/2025, 5:03:10 PM

Last updated: 8/27/2025, 12:34:24 AM
