exploitDog

CVE-2025-65075

Опубликовано: 16 дек. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, with the permissions of dvr user, on the server using path traversal in the alog script.

This issue was fixed in version 6.44.44

Ссылки

https://cert.pl/en/posts/2025/12/CVE-2025-65074
Third Party Advisory
https://www.wavestore.com/products/video-management-software
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wavestore:video_management_software_server:*:*:*:*:*:*:*:*

Версия до 6.42.4 (включая)

EPSS

Процентиль: 20%

0.00063

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-g4jw-j7g8-f24w

CVSS3: 6.5

github

около 2 месяцев назад

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, with the permissions of dvr user, on the server using path traversal in the alog script. This issue was fixed in version 6.44.44

EPSS

Процентиль: 20%

0.00063

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22