Description
Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse.


An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory.

This issue affects TETRA connectivity Server: 7.0.


Vulnerability fix is available and delivered to impacted customers.
Published: 2026-04-03
Score: 5.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from incorrect default permissions in the Tetra Connectivity Server. An attacker who can trick a user into dropping a crafted file into a vulnerable directory may trigger arbitrary code execution with SYSTEM privileges. This escalates a user‑level process to the highest local privilege on the Windows Server, compromising confidentiality, integrity, and availability of the system.

Affected Systems

Affected systems include the AIRBUS Tetra Connectivity Server version 7.0 running on Windows Server operating systems.

Risk and Exploitability

The CVSS score of 5.6 indicates moderate severity, and the EPSS score is not available, meaning the exploitation probability is undetermined. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to be able to place a file in a specific directory, typically through social engineering or user cooperation. Once that condition is met, privilege abuse can occur.

Generated by OpenCVE AI on April 3, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑released security fix for Tetra Connectivity Server 7.0.
  • Verify that default folder permissions remain unchanged after deployment.
  • If patching is delayed, disable or monitor write access to the vulnerable directory to prevent placement of malicious files.

Generated by OpenCVE AI on April 3, 2026 at 10:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Airbus
Airbus tetra Connectivity Server (tcs)
Vendors & Products Airbus
Airbus tetra Connectivity Server (tcs)

Fri, 03 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 03 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
Description Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse. An attacker may execute arbitrary code with SYSTEM privileges if a user is tricked or directed to place a crafted file into the vulnerable directory. This issue affects TETRA connectivity Server: 7.0. Vulnerability fix is available and delivered to impacted customers.
Title Local privilege escalation in Windows Server OS through installed Tetra Connectivity Server (TCS)
Weaknesses CWE-276
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 5.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U'}

Subscriptions

Airbus Tetra Connectivity Server (tcs)
cve-icon MITRE

Status: PUBLISHED

Assigner: airbus

Published:

Updated: 2026-04-03T12:16:42.627Z

Reserved: 2025-07-02T14:50:55.096Z

Link: CVE-2025-7024

cve-icon Vulnrichment

Updated: 2026-04-03T12:16:35.708Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-03T08:16:17.290

Modified: 2026-04-03T16:10:23.730

Link: CVE-2025-7024

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T21:17:02Z

Weaknesses