Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
rootio-linux: Unauthenticated Remote Code Execution through SFTP
ROOT-OS-DEBIAN-12-CVE-2025-38042
Summary
The rootio-linux package had a security issue that allowed an attacker to run malicious code on the system without being authenticated. This could happen if an attacker was able to access the system's SFTP server. The issue has been fixed by the Root team, and users should update their software to the latest version to stay secure.
What to do
- Update rootio-linux to version 6.1.159-1.root.io.75.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | rootio-linux | <= 6.1.159-1.root.io.75 | 6.1.159-1.root.io.75 |
Original title
CVE-2025-38042 in rootio-linux - Patched by Root
Original description
Root has patched CVE-2025-38042 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available.
Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026