{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-8758","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-08-08T15:33:19.726Z","datePublished":"2025-08-09T16:02:05.577Z","dateUpdated":"2025-08-12T16:05:10.629Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-08-09T16:02:05.577Z"},"title":"TRENDnet TEW-822DRE vsftpd least privilege violation","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-272","lang":"en","description":"Least Privilege Violation"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-266","lang":"en","description":"Incorrect Privilege Assignment"}]}],"affected":[{"vendor":"TRENDnet","product":"TEW-822DRE","versions":[{"version":"FW103B02","status":"affected"}],"modules":["vsftpd"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in TRENDnet TEW-822DRE FW103B02. It has been classified as problematic. This affects an unknown part of the component vsftpd. The manipulation leads to least privilege violation. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"Es wurde eine Schwachstelle in TRENDnet TEW-822DRE FW103B02 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Komponente vsftpd. Durch Beeinflussen mit unbekannten Daten kann eine least privilege violation-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":7.3,"vectorString":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","baseSeverity":"HIGH"}},{"cvssV3_1":{"version":"3.1","baseScore":7,"vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7,"vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":6,"vectorString":"AV:L/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-08-08T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-08-08T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-08-08T17:38:29.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"TPCHECKER (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.319263","name":"VDB-319263 | TRENDnet TEW-822DRE vsftpd least privilege violation","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.319263","name":"VDB-319263 | CTI Indicators (IOB, IOC, TTP)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.624299","name":"Submit #624299 | TRENDnet TEW-822DRE FW103B02 Misconfiguration","tags":["third-party-advisory"]},{"url":"https://www.notion.so/23e54a1113e78009adc9d909b254812b","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-11T15:23:36.078367Z","id":"CVE-2025-8758","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-12T16:05:10.629Z"}}]}}