AIRBUS PSS TETRA Connectivity Server, Incorrect Default Permissions, CVE-2025-7024 (critical)

Listen to this Post

How CVE-2025-7024 Works

CVE-2025-7024 is a vulnerability in Airbus PSS TETRA Connectivity Server (TCS) version 7.0 running on Windows Server OS. It stems from an incorrect default permission configuration (CWE-276), where the server’s installation directory is assigned overly permissive access rights. Normally, Windows restricts access to critical application directories, but the TCS installer sets default permissions that allow low-privileged local users to write or place files into the directory. An attacker can exploit this by tricking a user (e.g., via email or a malicious download) into placing a specially crafted file—such as a malicious DLL, executable, or script—into the vulnerable directory. Because the system’s default settings fail to restrict execution rights, the server later loads or executes that file. The flaw exists specifically in the file-handling logic of the TCS service. When the service runs (often as a high-integrity or SYSTEM-level process), it may automatically load or execute the attacker’s file, inheriting the service’s full SYSTEM privileges. This yields a classic privilege escalation scenario: a low-privileged attacker gains complete control over the server, can exfiltrate data, disrupt critical communications, and compromise system integrity and availability. The attack vector is local, requiring a user to place the malicious file, but no additional privileges or advanced technical skills are needed. Airbus has released a fix, delivered to impacted customers, which adjusts directory permissions to enforce the principle of least privilege and adds execution-context validation. Upgrading to TCS versions 8.0 or 9.0 resolves the issue. The vulnerability was published on April 3, 2026, with a CVSS v3 base score of 7.3 (High). No public proof-of-concept exploit was available at disclosure.

DailyCVE Form

Platform: Windows Server OS
Version: TCS 7.0
Vulnerability: Incorrect default permissions
Severity: High (7.3)
Date: 2026-04-03

Prediction: Patch by 2026-05-15

What Undercode Say:

Analytics

  • EPSS Percentile: ~0.00011 (very low exploitation likelihood at disclosure)
  • CVSS v3 Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (base 7.3)
  • Attack Pattern CAPEC: CAPEC-1 (Accessing Functionality Not Properly)
  • MITRE ATT&CK Technique: T1574.010 (Services File Permissions Weakness)
  • Source: Airbus ([email protected])

Exploit

No public exploit exists. However, a theoretical local attack would:
1. Identify vulnerable directory (e.g., C:\Program Files\Airbus\TETRA Connectivity Server).
2. Craft a malicious DLL/EXE (e.g., reverse shell, privilege escalation tool).
3. Trick a user into placing the file in that directory (e.g., via email attachment).
4. Wait for TCS service to load/execute the file, granting SYSTEM access.

Check directory permissions (Windows PowerShell)
icacls "C:\Program Files\Airbus\TETRA Connectivity Server"
Look for: BUILTIN\Users:(W) or similar write permissions
Create a test file (e.g., harmless PowerShell script)
Write-Output "Write-Host 'Vulnerable'" > test.ps1
Attempt to write as low-privileged user
echo "test" > "C:\Program Files\Airbus\TETRA Connectivity Server\test.txt"
If succeeds, write permissions exist – potential vulnerability
Monitor for file creations in the directory (Sysinternals Process Monitor)
procmon.exe /AcceptEula /BackingFile C:\Logs\procmon.pml
Filter: Path contains "TETRA Connectivity Server" & Operation is "CreateFile"

Protection from this CVE

  • Apply vendor patch immediately: upgrade to TCS versions 8.0 or 9.0.
  • Manually restrict directory permissions: `icacls “path” /deny “Everyone:(W)”`
    – Enforce least privilege: run TCS as a non‑administrator service account.
  • Monitor for unexpected file creations in TCS directories using Windows Event Logs (Event IDs 4656, 4663).
  • Educate users not to place untrusted files into application directories.

Impact

  • Confidentiality: Attacker with SYSTEM access can read all files, including TETRA communication logs and sensitive configuration data.
  • Integrity: Malicious code can modify TCS binaries, inject false messages, or alter system state.
  • Availability: Attackers can disrupt TETRA communications, affecting emergency services, transportation, and critical infrastructure.
  • Scope: Affected TCS version 7.0 on Windows Server OS; patch available.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top