← back
CVE-2025-14253

Galaxy Software Services|Vitals ESP - Arbitrary File Read

CVSS 6.9 MEDIUMEPSS 0.4%CWE-36
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.9EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
08 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
Galaxy Software Services · Vitals ESP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.twcert.org.tw/en/cp-139-10543-380bd-2.htmlhttps://www.twcert.org.tw/tw/cp-132-10542-4c682-1.html