cvedb.io
CVE-2025-66620
HIGH · CVSS 8
EPSS exploitation probability: 0%
Published 2026-01-07T21:15:59.170 · Last modified 2026-06-17T09:57:07.057

Summary

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the file system.

Affected products

columbiaweather — weather_microserver_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when columbiaweather ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.