CVE-2025-47416

09.09.2025, 14:15

A vulnerability exists in the ConsoleFindCommandMatchListfunction in libsymproc. soimported by ctpd that may lead to unauthorized execution of an attacker-defined file that gets prioritized by the ConsoleFindCommandMatchList.

A third-party researcher discovered that the ConsoleFindCommandMatchListenumerates the /dev/shm/symproc/c directory in alphabetical order to identify console commands. Permission levels are inferred from the integer values present in each command's file name.

Confirmed Affected Hardware:TSW-760, TSW-1060

Confirmed Affected Firmware:3.002.1061

Fixed Firmware: no fixed released(product is discontinued and end of life)

For x70

The Affected Firmware:- 3.000.0110.001 and versions below

The Fixed Firmware:- 3.001.0031.001

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
Crestron	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-697 - Incorrect Comparison
The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

https://security.crestron.com

https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-002-0040-001