Known Issues
| Bug ID | Title | Description |
|---|---|---|
| 58886 | OS Package Vulnerabilities Scheduled for Future Patches | CVEs identified before 10th August: CVE-2025-4598 (systemd) This vulnerability in systemd-coredump allows local information disclosure due to a race condition during core dump handling. In the Accops HySecure environment, core dump storage is disabled, and there are no unprivileged users, making exploitation unlikely. This fix is deferred due to the impact on product functionality. CVEs identified after 10th August: CVE-2025-5914, CVE-2025-48989 The CVEs listed above require either local access, specific configurations, or enabled features that are not present or exposed in HySecure. Hence, they are not exploitable in the current environment. These will be addressed in the upcoming patch cycle. |
| 54198 | Upgrade Entry Missing for Active and Standby Nodes | After applying this release, the HySecure database may not have the upgrade entries for the Active and Standby nodes corresponding to this hotfix. Although the Admin log, Upgrade log, and upgrade entry in files will be available. |
| 46950 | World Writable Files and Directories exist on HySecure | There exist a few files and directories on the server with world-writable permissions (rw-rw-rw-). This is a low-risk, low-severity issue that requires additional evaluation and validation before modifying permissions to prevent any impact on functionality. However, the following compensating controls are in place to reduce risk exposure: No unprivileged users exist on the server who could exploit these permissions. Access to the server is restricted to authorized administrators only. |