CVE-2025-61792 (GCVE-0-2025-61792)

Vulnerability from cvelistv5 – Published: 2025-09-30 00:00 – Updated: 2025-10-06 18:31 Disputed
VLAI
Summary
Quadient DS-700 iQ devices through 2025-09-30 might have a race condition during the quick clicking of (in order) the Question Mark button, the Help Button, the About button, and the Help Button, leading to a transition out of kiosk mode into local administrative access. NOTE: the reporter indicates that the "behavior was observed sporadically" during "limited time on the client site," making it not "possible to gain more information about the specific kiosk mode crashing issue," and the only conclusion was "there appears to be some form of race condition." Accordingly, there can be doubt that a reproducible cybersecurity vulnerability was identified; sporadic software crashes can also be caused by a hardware fault on a single device (for example, transient RAM errors). The reporter also describes a variety of other issues, including initial access via USB because of the absence of a "lock-pick resistant locking solution for the External Controller PC cabinet," which is not a cybersecurity vulnerability (section 4.1.5 of the CNA Operational Rules). Finally, it is unclear whether the device or OS configuration was inappropriate, given that the risks are typically limited to insider threats within the mail operations room of a large company.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
Impacted products
Vendor Product Version
Quadient DS-700 iQ Affected: 0 , ≤ 2025-09-30 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61792",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-06T18:31:28.511682Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-06T18:31:40.108Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "DS-700 iQ",
          "vendor": "Quadient",
          "versions": [
            {
              "lessThanOrEqual": "2025-09-30",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Quadient DS-700 iQ devices through 2025-09-30 might have a race condition during the quick clicking of (in order) the Question Mark button, the Help Button, the About button, and the Help Button, leading to a transition out of kiosk mode into local administrative access. NOTE: the reporter indicates that the \"behavior was observed sporadically\" during \"limited time on the client site,\" making it not \"possible to gain more information about the specific kiosk mode crashing issue,\" and the only conclusion was \"there appears to be some form of race condition.\" Accordingly, there can be doubt that a reproducible cybersecurity vulnerability was identified; sporadic software crashes can also be caused by a hardware fault on a single device (for example, transient RAM errors). The reporter also describes a variety of other issues, including initial access via USB because of the absence of a \"lock-pick resistant locking solution for the External Controller PC cabinet,\" which is not a cybersecurity vulnerability (section 4.1.5 of the CNA Operational Rules). Finally, it is unclear whether the device or OS configuration was inappropriate, given that the risks are typically limited to insider threats within the mail operations room of a large company."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-30T22:49:07.345Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-folding-to-folded-hacking-high-volume-mailer-machines/"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-61792",
    "datePublished": "2025-09-30T00:00:00.000Z",
    "dateReserved": "2025-09-30T00:00:00.000Z",
    "dateUpdated": "2025-10-06T18:31:40.108Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-61792",
      "date": "2026-07-10",
      "epss": "0.00123",
      "percentile": "0.02501"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-61792\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-09-30T23:15:29.700\",\"lastModified\":\"2026-06-17T09:50:54.540\",\"vulnStatus\":\"Deferred\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Quadient DS-700 iQ devices through 2025-09-30 might have a race condition during the quick clicking of (in order) the Question Mark button, the Help Button, the About button, and the Help Button, leading to a transition out of kiosk mode into local administrative access. NOTE: the reporter indicates that the \\\"behavior was observed sporadically\\\" during \\\"limited time on the client site,\\\" making it not \\\"possible to gain more information about the specific kiosk mode crashing issue,\\\" and the only conclusion was \\\"there appears to be some form of race condition.\\\" Accordingly, there can be doubt that a reproducible cybersecurity vulnerability was identified; sporadic software crashes can also be caused by a hardware fault on a single device (for example, transient RAM errors). The reporter also describes a variety of other issues, including initial access via USB because of the absence of a \\\"lock-pick resistant locking solution for the External Controller PC cabinet,\\\" which is not a cybersecurity vulnerability (section 4.1.5 of the CNA Operational Rules). Finally, it is unclear whether the device or OS configuration was inappropriate, given that the risks are typically limited to insider threats within the mail operations room of a large company.\"},{\"lang\":\"es\",\"value\":\"Los dispositivos Quadient DS-700 iQ hasta el 30-09-2025 podr\u00edan tener una condici\u00f3n de carrera durante el clic r\u00e1pido (en orden) del bot\u00f3n de signo de interrogaci\u00f3n, el bot\u00f3n de Ayuda, el bot\u00f3n de Acerca de, y el bot\u00f3n de Ayuda, lo que lleva a una transici\u00f3n del modo quiosco a un acceso administrativo local. NOTA: el informante indica que el \u0027comportamiento fue observado espor\u00e1dicamente\u0027 durante \u0027tiempo limitado en el sitio del cliente,\u0027 lo que hace que no sea \u0027posible obtener m\u00e1s informaci\u00f3n sobre el problema espec\u00edfico de bloqueo del modo quiosco,\u0027 y la \u00fanica conclusi\u00f3n fue \u0027parece haber alguna forma de condici\u00f3n de carrera.\u0027 En consecuencia, puede haber dudas de que se haya identificado una vulnerabilidad de ciberseguridad reproducible; los bloqueos espor\u00e1dicos del software tambi\u00e9n pueden ser causados por una falla de hardware en un solo dispositivo (por ejemplo, errores transitorios de RAM). El informante tambi\u00e9n describe una variedad de otros problemas, incluido el acceso inicial a trav\u00e9s de USB debido a la ausencia de una \u0027soluci\u00f3n de bloqueo resistente a la ganz\u00faa para el gabinete de la PC del controlador externo,\u0027 lo cual no es una vulnerabilidad de ciberseguridad (secci\u00f3n 4.1.5 de las Reglas Operativas de la CNA). Finalmente, no est\u00e1 claro si la configuraci\u00f3n del dispositivo o del sistema operativo fue inapropiada, dado que los riesgos suelen limitarse a amenazas internas dentro de la sala de operaciones de correo de una gran empresa.\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"Quadient\",\"product\":\"DS-700 iQ\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"2025-09-30\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-10-06T18:31:28.511682Z\",\"id\":\"CVE-2025-61792\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"references\":[{\"url\":\"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-folding-to-folded-hacking-high-volume-mailer-machines/\",\"source\":\"cve@mitre.org\"}]}}",
    "redhat_vex": {
      "current_release_date": "2025-10-01T00:42:20+00:00",
      "cve": "CVE-2025-61792",
      "id": "CVE-2025-61792",
      "initial_release_date": "2025-01-01T00:00:00+00:00",
      "product_status:known_not_affected": "1",
      "source": "Red Hat CSAF VEX",
      "status": "final",
      "title": "CVE-2025-61792",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61792.json",
      "version": "3"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61792\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-06T18:31:28.511682Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-06T18:31:36.409Z\"}}], \"cna\": {\"tags\": [\"disputed\"], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.4, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"Quadient\", \"product\": \"DS-700 iQ\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2025-09-30\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-folding-to-folded-hacking-high-volume-mailer-machines/\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Quadient DS-700 iQ devices through 2025-09-30 might have a race condition during the quick clicking of (in order) the Question Mark button, the Help Button, the About button, and the Help Button, leading to a transition out of kiosk mode into local administrative access. NOTE: the reporter indicates that the \\\"behavior was observed sporadically\\\" during \\\"limited time on the client site,\\\" making it not \\\"possible to gain more information about the specific kiosk mode crashing issue,\\\" and the only conclusion was \\\"there appears to be some form of race condition.\\\" Accordingly, there can be doubt that a reproducible cybersecurity vulnerability was identified; sporadic software crashes can also be caused by a hardware fault on a single device (for example, transient RAM errors). The reporter also describes a variety of other issues, including initial access via USB because of the absence of a \\\"lock-pick resistant locking solution for the External Controller PC cabinet,\\\" which is not a cybersecurity vulnerability (section 4.1.5 of the CNA Operational Rules). Finally, it is unclear whether the device or OS configuration was inappropriate, given that the risks are typically limited to insider threats within the mail operations room of a large company.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-362\", \"description\": \"CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-09-30T22:49:07.345Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-61792\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-06T18:31:40.108Z\", \"dateReserved\": \"2025-09-30T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-09-30T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…