CVE-2025-3223 | THREATINT

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.This issue affects WorkstationST: WorkstationST V07.10.10C and earlier.

PUBLISHED Reserved 2025-04-03 | Published 2025-05-19 | Updated 2025-05-20 | Assigner GE_Vernova

MEDIUM: 5.9CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

WorkstationST V07.10.10C and earlier (Custom)

affected

Credits

Ricardo Pelaz García finder

Roberto Garcia Hervás finder

References

www.gevernova.com/...24_EGD_Config_Server_File_Overwrite.pdf

cve.org (CVE-2025-3223)

nvd.nist.gov (CVE-2025-3223)

Download JSON