CRITICAL🇵🇱 Wersja polska

CVE-2024-25825

CVSS 9.8v3.1pub. 2024-10-09upd. 2026-04-15

FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password.

🤖 AI Analysis
How it works

The vulnerability results from incorrect factory configuration — the root account password was configured as a wildcard instead of a strong, random password. CWE-259 describes the use of hard-coded passwords; in this case, the wildcard acts as a password that accepts any or no authentication. Anyone with network or local access to the system can log in as root, bypassing the standard authentication mechanism.

Impact

The attacker gains full root privileges, providing complete control over the system — ability to read and modify data, install software, change configuration, and permanently compromise the device.

Mitigation & patch

Apply patches available from the manufacturer according to the references (https://fydeos.io/, https://openfyde.io/). Until an update is applied, it is recommended to manually set a strong password for the root account and restrict access to the system at the network and physical level.

Who is affected

FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References