
CVE-2025-52361: n/a

Unknown
Published: Fri Aug 01 2025 (08/01/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Insecure permissions on the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allow a locally authenticated low-privilege user to execute arbitrary commands with root privileges by editing this script, which is executed with root privileges on any interaction and on every system boot.

AI-Powered Analysis

AI analysis last updated: 08/01/2025, 16:17:43 UTC

Technical Analysis

CVE-2025-52361 is a local privilege escalation vulnerability in AK-Nord USB-Server-LXL Firmware version 0.0.16 (Build 2023-03-13). The script /etc/init.d/lighttpd is executed with root privileges on every system boot and on any interaction with the system, but its file permissions allow a locally authenticated low-privilege user to modify it. Any commands such a user writes into the script are therefore executed as root, taking the user from a low-privilege account to full root control of the device. This class of weakness is serious on embedded and server appliances where local access is possible, because it bypasses the device's privilege separation entirely. Exploitation does not require remote access but does require local authentication, so the attacker must already hold some level of access to the device. No exploits in the wild were known at the time of publication and no CVSS score had been assigned. Nonetheless, arbitrary command execution as root can lead to full system compromise, data theft, or disruption of services.

Potential Impact

For European organizations using the AK-Nord USB-Server-LXL device, this vulnerability poses a significant risk. If an attacker gains local access—whether through physical access or via compromised credentials—they can escalate privileges to root, bypassing any restrictions placed on low-privilege users. This could lead to unauthorized access to sensitive data, manipulation or deletion of critical files, installation of persistent malware, or disruption of business operations. Organizations relying on these devices for network storage, data sharing, or other server functions could face data breaches or operational downtime. In environments with strict regulatory requirements such as GDPR, unauthorized root access and potential data exfiltration could result in compliance violations and heavy fines. Moreover, since the script executes on every system boot and interaction, the attack surface is broad, increasing the likelihood of exploitation once local access is obtained.

Mitigation Recommendations

To mitigate this vulnerability, organizations should immediately audit the permissions of the /etc/init.d/lighttpd script on all affected AK-Nord USB-Server-LXL devices. The script should be owned by root with restrictive permissions (e.g., 700 or 750) to prevent modification by non-privileged users. Implementing strict access controls to limit local user accounts and enforcing strong authentication mechanisms will reduce the risk of unauthorized local access. Physical security controls should be enhanced to prevent unauthorized physical access to devices. Additionally, organizations should monitor system logs for any unusual modifications to init scripts or unexpected root-level command executions. Since no patch or update is currently available, consider isolating affected devices from critical networks or replacing them with devices from vendors with a stronger security posture. Regular firmware updates should be tracked and applied once a fix is released by the vendor.
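The following POSIX shell script is an added example, not part of the CVE record or the vendor's firmware, showing the audit and remediation described above: it lists init scripts that are writable by group or other, tightens them to mode 750 (and to root ownership when run as root), then re-checks. The function names are mine, and the init.d directory it builds under mktemp, with one world-writable, one group-writable and one correctly permissioned script, is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit init scripts for group/other write permission and
# tighten them, as recommended in the mitigation text. Function names,
# sample files and the temporary directory layout are constructed for this
# demonstration; nothing here is taken from the AK-Nord firmware.

# Print an ls -ld line for every regular file under DIR that is writable by
# group (-perm -020) or other (-perm -002). Returns 1 if anything was found,
# 0 if the directory is clean.
audit_init_scripts() {
    findings=$(find "$1" -type f \( -perm -020 -o -perm -002 \) -exec ls -ld {} \; | sort)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Number of findings reported by audit_init_scripts (0 when clean).
count_findings() {
    audit_init_scripts "$1" | wc -l | tr -d ' '
}

# Remediation: strip write access from group and other (mode 750, one of the
# values suggested above) and, when running as root, hand ownership to root.
harden_init_scripts() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -exec chmod 750 {} \;
    if [ "$(id -u)" -eq 0 ]; then
        find "$1" -type f ! -user root -exec chown root {} \;
    fi
}

# Build a constructed init.d directory that mirrors the vulnerable state:
# one world-writable script, one group-writable script, one correct one.
make_sample_dir() {
    d=$(mktemp -d)
    mkdir "$d/init.d"
    for name in lighttpd networking rcS; do
        printf '#!/bin/sh\n# placeholder init script (constructed)\nexit 0\n' > "$d/init.d/$name"
    done
    chmod 777 "$d/init.d/lighttpd"    # the insecure permission this CVE describes
    chmod 664 "$d/init.d/networking"  # group-writable: also flagged
    chmod 755 "$d/init.d/rcS"         # owner-only write: not flagged
    printf '%s\n' "$d"
}

# Stand-alone demo: audit the constructed directory, harden it, audit again.
# Pass a real directory (e.g. /etc/init.d) as $1 to audit that instead.
if [ $# -gt 0 ]; then
    audit_init_scripts "$1" && echo "clean: $1"
else
    demo=$(make_sample_dir)
    echo "before hardening:"
    audit_init_scripts "$demo" || true
    harden_init_scripts "$demo"
    echo "after hardening: $(count_findings "$demo") finding(s)"
    rm -rf "$demo"
fi
```

Run it with no arguments to see the constructed before/after, or point it at a device's real /etc/init.d to audit that directory; the ls -ld lines it prints show the owner as well, so scripts not owned by root are visible at a glance even when run unprivileged. The checks use only POSIX find options, so they also work with the busybox find found on most embedded firmware.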


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-06-16T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 688ce524ad5a09ad00ca3848

Added to database: 8/1/2025, 4:02:44 PM

Last enriched: 8/1/2025, 4:17:43 PM

Last updated: 8/2/2025, 12:34:24 AM

