CVE-2025-32409
Published: 07 April 2025
Summary
CVE-2025-32409 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Ratta SuperNote A6 X2 Nomad firmware (product attribution inferred from the Prizm Labs reference). Its CVSS base score is 8.1 (High).
Operationally, it ranks in the top 10.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2025-32409 affects Ratta SuperNote A6 X2 Nomad devices running firmware released before December 2024. The flaw stems from insufficient validation of firmware images received over TCP port 60002, combined with directory traversal and unintended concurrency handling, which together allow an attacker-supplied image signed with debug keys to be written to the device's image-update location and executed, resulting in remote code execution.
An unauthenticated remote attacker can exploit the issue by sending a crafted firmware payload to the exposed port. Successful exploitation allows installation of arbitrary code, with high impact on confidentiality, integrity, and availability; the CVSS 8.1 rating reflects a network attack vector with no privileges or user interaction required.
The referenced technical analysis from Prizm Labs describes the rootkit-style attack surface but does not detail vendor-issued patches or configuration mitigations beyond the implicit remediation in firmware builds released after December 2024.
The EPSS score for the vulnerability rose from a low baseline to a recorded peak of 0.0684 (current value 0.0508), indicating emerging exploitation interest following public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-10059
Vulnerability details
Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended handling of concurrency.
- CWE(s): CWE-23 (Relative Path Traversal)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.