SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.