CVE-2025-10461 | THREATINT

Description

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03.

PUBLISHED Reserved 2025-09-15 | Published 2026-03-16 | Updated 2026-03-27 | Assigner Softing

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/RE:L/U:Green

Problem types

CWE-20 Improper Input Validation

Product status

Default status

unaffected

Any version

affected

1.43 (custom)

unaffected

Default status

unaffected

Any version

affected

1.04

unaffected

Credits

OpenVAS tool

References

industrial.softing.com/...downloads/2025/CVE-2025-10461.html

industrial.softing.com/...downloads/2025/CVE-2025-10461.json

cve.org (CVE-2025-10461)

nvd.nist.gov (CVE-2025-10461)

Download JSON

help @ threatint.eu