Home
HIGH: 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HDefault status
unaffected
Any version before 2025.0.2
affected
Default status
unaffected
Any version before 2025.0.2
affected
Default status
unaffected
Any version before 2025.0.2
affected
Default status
unaffected
Any version before 2025.0.2
affected
Default status
unaffected
Any version before 2025.0.2
affected
Description
A low privileged remote attacker with file access can replace a critical file or folder used by the service security-profile to get read, write and execute access to any file on the device.
Problem types
CWE-59 Improper Link Resolution Before File Access ('Link Following')
Product status
Any version before 2025.0.2
Any version before 2025.0.2
Any version before 2025.0.2
Any version before 2025.0.2
Any version before 2025.0.2
Credits
Nozomi
References
certvde.com/en/advisories/VDE-2025-054