Cyber Posture

CVE-2025-66620

Severity: High

Published: 07 January 2026
Modified: 22 January 2026
KEV Added: not listed
CVSS Score: 8.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0005 (16.9th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-66620 is a high-severity Command Shell in Externally Accessible Directory (CWE-553) vulnerability in Columbiaweather Weather MicroServer firmware. Its CVSS v3.1 base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003). Its EPSS score of 0.0005 places it at the 16.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The mitigations our analysis rates strongest are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and CM-7 (Least Functionality).

Threat & Defense at a Glance

What attackers do: exploitation maps to Web Shell (T1505.003) and three other techniques listed below. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent · Flaw remediation: apply the vendor patch or firmware update that fixes the webshell issue, eliminating the unlimited login attempts and the sudo access it grants.

prevent · AC-7 Unsuccessful Logon Attempts: directly counters unlimited login attempts against the webshell by enforcing lockout after a defined number of unsuccessful logons.

prevent · CM-7 Least Functionality: configure the device to disable or remove the unused webshell and any non-essential functions that grant sudo rights.
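The CM-7 item above is the one a defender can verify on the device itself: whichever account the webshell runs as should hold no sudo rule that an attacker can turn into root. The audit below is an added example, not code from Columbia Weather, CISA or this page. It parses a constructed sudoers fragment (the account name www-data, the paths and the rules are all hypothetical, not the MicroServer's real configuration) and flags the three patterns that matter: an unrestricted ALL rule, a command that drops to a shell (editors, pagers, interpreters), and a command that writes files as root, which is enough to "modify or remove data stored in the file system" as the NVD text puts it. Rules that are merely NOPASSWD are flagged last, because a compromised web session can run them without ever knowing a password.

```python
"""Audit a sudoers fragment for rules that let a low-privilege web account
escalate to root.  Added example for CM-7 (least functionality); it is not
code from Columbia Weather or from the advisory.  The sudoers text and the
account name below are constructed for illustration."""
import os
import re
from dataclasses import dataclass

# Programs that hand out a root shell or arbitrary root file writes when
# allowed via sudo.  Illustrative, not an exhaustive GTFOBins-style list.
SHELL_ESCAPE = {"sh", "bash", "dash", "ash", "busybox", "python", "python3",
                "perl", "vi", "vim", "nano", "less", "more", "find", "awk"}
FILE_WRITE = {"cp", "mv", "tee", "dd", "chmod", "chown", "ln", "rm"}

# user host=(runas) [TAG:]* cmd1, cmd2 ...   (simplified: no aliases or
# line continuations, which real sudoers files may contain)
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^\s=]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)"
    r"(?P<cmds>.+)$"
)


@dataclass
class Finding:
    user: str
    runas: str
    command: str
    reason: str  # "ALL" | "shell-escape" | "file-write" | "nopasswd"


def parse_rules(text):
    """Yield (user, runas, tags, [commands]) for each user rule."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        tags = {t.strip() for t in m.group("tags").split(":") if t.strip()}
        cmds = [c.strip() for c in m.group("cmds").split(",") if c.strip()]
        yield m.group("user"), (m.group("runas") or "root"), tags, cmds


def classify(cmd, tags):
    """Return the escalation reason for one command, or None if benign."""
    if cmd == "ALL":
        return "ALL"
    prog = os.path.basename(cmd.split()[0])
    if prog in SHELL_ESCAPE:
        return "shell-escape"
    if prog in FILE_WRITE:
        return "file-write"
    if "NOPASSWD" in tags:
        return "nopasswd"
    return None


def audit(sudoers_text, suspect_users):
    """Findings for every rule granted to one of `suspect_users`."""
    findings = []
    for user, runas, tags, cmds in parse_rules(sudoers_text):
        if user not in suspect_users:
            continue
        for cmd in cmds:
            reason = classify(cmd, tags)
            if reason:
                findings.append(Finding(user, runas, cmd, reason))
    return findings


# Constructed sample; NOT the MicroServer's real /etc/sudoers.
SAMPLE_SUDOERS = """
# constructed sample for the audit above
Defaults    env_reset
root        ALL=(ALL:ALL) ALL
www-data    ALL=(root) NOPASSWD: /usr/bin/vi /var/www/config.ini, /bin/cp /var/www/upload/* /etc/weather/
www-data    ALL=(root) NOPASSWD: /sbin/reboot
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_SUDOERS, {"www-data"}):
        print(f"{f.user} -> {f.runas}: {f.command!r} [{f.reason}]")
```

Run it against the real file with `audit(open("/etc/sudoers").read(), {"<webshell account>"})` plus any drop-ins under `/etc/sudoers.d/`; a clean result for the web account is what CM-7 asks for, and an empty rule set is the goal if the webshell is removed outright.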

MITRE ATT&CK Enterprise Techniques

T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1110 Brute Force (Credential Access): Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.
T1548.003 Sudo and Sudo Caching (Privilege Escalation): Adversaries may perform sudo caching and/or use the sudoers file to elevate privileges.
T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The unused webshell with unlimited login attempts directly enables T1505.003 (Web Shell) and T1110 (Brute Force); the sudo rights granted on certain files and directories map to T1548.003; the limited shell access used for reverse shells and persistence maps to T1059.004.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
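Because the webshell accepts unlimited login attempts, the observable precursor to T1505.003 is T1110: a burst of failed logins from one source against the shell's login URL, followed by a success. The detector below is an added example, not code from the advisory, CISA or Columbia Weather. The login path /shell/login, the common-log line format and every log line are constructed for illustration (the MicroServer's real endpoint and log format are not given on this page). It keeps a sliding window of failures per source and raises two alerts: when a source reaches the failure threshold inside the window, and when a login from that source succeeds while it still has a threshold's worth of recent failures. A single typo followed by a successful login, as from 10.0.0.5 below, stays silent.

```python
"""Detect brute-force logins against a webshell endpoint in access logs.
Added example; not code from the advisory or from Columbia Weather.  The
endpoint path, log format and sample lines are constructed for illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime

WEBSHELL_LOGIN = "/shell/login"   # hypothetical login URL of the webshell
THRESHOLD = 5                     # failed logins from one source before alerting
WINDOW_S = 60                     # sliding window in seconds

# Common-log style line: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+'
)


def parse(line):
    """Return (ip, epoch_seconds, method, path, status), or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    t = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m.group("ip"), t, m.group("method"), m.group("path"), int(m.group("status"))


def detect(lines, threshold=THRESHOLD, window=WINDOW_S):
    """Sliding-window detector.  Emits ("brute-force", ip, failures, ts) when a
    source reaches `threshold` failed POSTs to the login URL within `window`
    seconds, and ("success-after-failures", ip, failures, ts) when a login from
    that source succeeds while it still has >= threshold recent failures: the
    signature of a brute force that found a password (T1110 leading to T1505.003)."""
    recent_failures = defaultdict(deque)   # ip -> timestamps of failed logins
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, t, method, path, status = rec
        if method != "POST" or path != WEBSHELL_LOGIN:
            continue                        # only the webshell login is of interest
        q = recent_failures[ip]
        while q and t - q[0] > window:      # expire failures outside the window
            q.popleft()
        if status == 401:
            q.append(t)
            if len(q) == threshold:         # alert once per burst
                alerts.append(("brute-force", ip, len(q), t))
        elif status in (200, 302) and len(q) >= threshold:
            alerts.append(("success-after-failures", ip, len(q), t))
    return alerts


# Constructed sample log; not real MicroServer output.
_FMT = '{ip} - - [{ts} +0000] "{m} {p} HTTP/1.1" {s} 231'
SAMPLE_LOG = [_FMT.format(ip=ip, ts=ts, m=m, p=p, s=s) for ip, ts, m, p, s in [
    ("10.0.0.7", "07/Jan/2026:09:50:00", "POST", "/shell/login", 401),  # stale failure
    ("10.0.0.5", "07/Jan/2026:10:00:01", "POST", "/shell/login", 401),  # one typo
    ("10.0.0.5", "07/Jan/2026:10:00:09", "POST", "/shell/login", 302),  # then success
    ("10.0.0.7", "07/Jan/2026:10:00:10", "POST", "/shell/login", 401),
    ("10.0.0.7", "07/Jan/2026:10:00:12", "POST", "/shell/login", 401),
    ("10.0.0.7", "07/Jan/2026:10:00:14", "POST", "/shell/login", 401),
    ("10.0.0.7", "07/Jan/2026:10:00:16", "POST", "/shell/login", 401),
    ("10.0.0.7", "07/Jan/2026:10:00:18", "POST", "/shell/login", 401),  # 5th: alert
    ("10.0.0.7", "07/Jan/2026:10:00:20", "POST", "/shell/login", 401),
    ("10.0.0.7", "07/Jan/2026:10:00:22", "POST", "/shell/login", 401),
    ("10.0.0.7", "07/Jan/2026:10:00:25", "POST", "/shell/login", 200),  # guessed it
    ("10.0.0.7", "07/Jan/2026:10:00:26", "GET", "/index.html", 200),    # ignored
]]

if __name__ == "__main__":
    for kind, ip, n, t in detect(SAMPLE_LOG):
        print(f"{kind}: {ip} with {n} recent failures at {t:.0f}")
```

The window matters: the failure at 09:50 from 10.0.0.7 is ignored with the default 60-second window but counts with a 15-minute one, which is why the threshold and window should be set together and tuned against the device's real traffic. Since AV:A places the attacker on the adjacent network, the source addresses worth watching are internal ones.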

NVD Description

An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the file system.

Deeper analysis

CVE-2025-66620 is a vulnerability in the Weather MicroServer involving an unused webshell that permits unlimited login attempts and grants sudo rights on certain files and directories. The issue is classified as CWE-553 and carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): high confidentiality, integrity and availability impact, low attack complexity, no user interaction, and an attack vector limited to the adjacent network, meaning the attacker must already be on the same local segment as the device.

Note the tension between the vector's PR:L and the NVD text, which requires admin access to MicroServer; in practice the precondition is a valid admin credential for the device's web interface, and the unlimited login attempts are what let an attacker obtain one by guessing. From there the attacker can obtain limited shell access, establish persistence through reverse shells, and modify or remove data stored in the file system.

Mitigation details are outlined in advisories including ICSA-26-006-01 from CISA (https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01) and the corresponding CSAF document (https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.json). The vulnerability was published on 2026-01-07.

Details

CWE(s): CWE-553 Command Shell in Externally Accessible Directory

Affected Products: Columbiaweather Weather MicroServer firmware, versions ≤ MS_4.1_14142

CVEs Like This One

CVE-2025-61939 (same product: Columbiaweather Weather Microserver)

References

CISA ICS Advisory ICSA-26-006-01: https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01
CSAF document for ICSA-26-006-01: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.json