PT-2026-1835 · Unknown · Microserver

Published: 2026-01-07 · Updated: 2026-01-22 · CVE-2025-61939

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MicroServer (affected versions not specified)

Description

An unused function in MicroServer can initiate a reverse SSH connection to a vendor-registered domain without mutual authentication. An attacker with local network access and administrative privileges on the web server, along with the ability to manipulate DNS responses, can redirect this SSH connection to a device under their control. This allows unauthorized SSH connections to vendor domains, potentially exposing the local network to security risks.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2025-61939

Affected Products

Microserver