{"id":"CVE-2025-35021","details":"By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections.","modified":"2026-03-15T14:52:49.182630Z","published":"2025-11-04T01:15:33.107Z","references":[{"type":"ADVISORY","url":"https://support.abilis.net/relnotes/cpx2k/R9.0.html#R9.0.7"},{"type":"EVIDENCE","url":"https://www.runzero.com/advisories/abilis-cpx-authentication-bypass-cve-2025-35021/"},{"type":"EVIDENCE","url":"https://takeonme.org/gcves/GCVE-1337-2025-00000000000000000000000000000000000000000000000001011111111111011111111110000000000000000000000000000000000000000000000000000000100"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"9.0.7"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-35021.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}