The Discovery, Disclosure, and Investigation of CVE-2024-25825

CVE-2024-25825 is a vulnerability found in FydeOS. This thesis describes its discovery,disclosure, and its further investigation in connection to a nation state actor. The vulnerability isCWE-1392: Use of Default Credentials, CWE-1393: Use of Default Password, and CWE-258:Empty Password in Configuration File found in the /etc/shadow configuration file. The rootuser’s entry in the /etc/shadow file contains a wildcard allowing entry with any, or no, password.Following responsable disclosure, Fyde, CISA, and Mitre were informed. Fyde was alreadyaware of the vulnerability. There was concern that this vulnerability might have beenpurposefully placed, perhaps by a nation state actor. After further investigation, it appears that thisis unlikely to be the case. In cases in which poisoned code is suspected it might be prudent tocontact the appropriate CERT, rather than the parent company. This, however, clashes with thetypical teaching of responsable disclosure.