CVE-2025-41723 | THREATINT

Description

The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-22 | Updated 2025-10-22 | Assigner CERTVDE

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-35:Path Traversal: '.../...//'

Product status

Default status

unaffected

0.0.0 (semver) before Firmware v3.2.0

affected

Default status

unaffected

0.0.0 (semver) before Firmware v3.2.0

affected

Default status

unaffected

0.0.0 (semver) before Firmware v3.2.0

affected

Default status

unaffected

0.0 (semver) before Firmware v6.0

affected

Default status

unaffected

0.0 (semver) before Firmware v6.0

affected

Default status

unaffected

0.0 (semver) before Firmware v6.0

affected

Credits

Damian Pfammatter, Daniel Hulliger from Cyber-Defence Campus armasuisse S+T finder

References

sauter.csaf-tp.certvde.com/...f/white/2025/vde-2025-060.json

cve.org (CVE-2025-41723)

nvd.nist.gov (CVE-2025-41723)

Download JSON

help @ threatint.eu