Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-66620— Columbia Weather Systems MicroServer Command Shell in Externally Accessible Directory

CVSS 8.0 · High EPSS 0.05% · P17
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-66620

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Columbia Weather Systems MicroServer Command Shell in Externally Accessible Directory
Source: NVD (National Vulnerability Database)
Vulnerability Description
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the file system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
外部可访问目录中的命令行Shell
Source: NVD (National Vulnerability Database)
Vulnerability Title
Columbia Weather Systems MicroServer 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Columbia Weather Systems MicroServer是美国Columbia Weather Systems公司的一个气象数据服务器。 Columbia Weather Systems MicroServer存在安全漏洞,该漏洞源于未使用的Webshell允许无限次登录尝试,可能导致有限的shell访问权限获取。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Columbia Weather SystemsMicroServer 0 ~ MS_4.1_14142 -

II. Public POCs for CVE-2025-66620

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-66620

登录查看更多情报信息。

Same Patch Batch · Columbia Weather Systems · 2026-01-07 · 3 CVEs total

CVE-2025-619398.8 HIGHColumbia Weather Systems MicroServer Improper Restriction of Communication Channel to Inte
CVE-2025-643056.5 MEDIUMColumbia Weather Systems MicroServer Cleartext Storage in a File or on Disk

IV. Related Vulnerabilities

Same product: MicroServer
Same vendor: Columbia Weather Systems

V. Comments for CVE-2025-66620

No comments yet

Leave a comment