CVE-2025-3718

Client-side path traversal in Guardian/CMC before 25.2.0

CVSS 5.8 MEDIUMEPSS 0.2%CWE-22

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.8EPSS 0.2%KEV nãoPoC —Patch —

Ciclo de vida

07 oct 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scripting (XSS) attack.

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L

Productos afectados

Nozomi Networks · CMC Nozomi Networks · Guardian

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://security.nozominetworks.com/NN-2025:4-01