← volver
CVE-2025-65076

Arbitrary File Read and Delete via Path Traversal in WaveStore Server

CVSS 8.6 HIGHEPSS 0.3%CWE-22
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
16 dic 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete any file on the server using path traversal in the ilog script. This script is being run with root privileges. This issue was fixed in version 6.44.44
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N