CVE-2025-32409 · HIGH 8.1 · EPSS p58.9%

Description

Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended handling of concurrency.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.02% probability of exploitation · percentile 58.9% · 2026-06-19T12:03:05Z
Published: 2025-04-07
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-23

References

  1. https://www.prizmlabs.io/post/remote-rootkits-uncovering-a-0-click-rce-in-the-supernote-nomad-e-ink-tablet

Type | Target | Confidence | Tier
Weakness | Relative Path Traversal (cwe-23) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-0592
  2. CVE-2025-46060
  3. CVE-2025-48469
  4. CVE-2025-22470
  5. CVE-2025-31355
  6. CVE-2025-25270

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.