rootio-linux: Unauthenticated Remote Code Execution via SFTP

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

rootio-linux: Unauthenticated Remote Code Execution via SFTP

ROOT-OS-DEBIAN-12-CVE-2025-71088

Summary

The rootio-linux package has a security issue that could allow an attacker to run arbitrary code on your system without a password. This affects systems using the SFTP service. To fix this, update to a patched version of rootio-linux.

What to do

Update rootio-linux to version 6.1.164-1.root.io.108.

Affected software

Vendor	Product	Affected versions	Fix available
–	rootio-linux	<= 6.1.164-1.root.io.108	6.1.164-1.root.io.108

Original title

CVE-2025-71088 in rootio-linux - Patched by Root

Original description

Root has patched CVE-2025-71088 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available.

Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 29 Mar 2026