exploitDog

CVE-2025-40898

Опубликовано: 18 дек. 2025

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability.

Ссылки

https://security.nozominetworks.com/NN-2025:15-01
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*

Версия до 25.5.0 (исключая)

cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*

Версия до 25.5.0 (исключая)

EPSS

Процентиль: 23%

0.00078

Низкий

8.1 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-m6g9-g34g-jmjf

CVSS3: 8.1

github

около 2 месяцев назад

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability.

EPSS

Процентиль: 23%

0.00078

Низкий

8.1 High

CVSS3

Дефекты

CWE-22