CVE-2025-27025
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-07-02

Last updated on: 2025-07-03

Assigner: ENISA

Description
The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root. Using Postman it is possible to perform a Directory Traversal attack and write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the same mechanism to read any file from the file system by using the GET method.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-02
Last Modified
2025-07-03
Generated
2026-05-07
AI Q&A
2025-07-02
EPSS Evaluated
2026-05-05
NVD
CVE-2025-27025
EUVD
EUVD-2025-19706
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-280 The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability allows an attacker to exploit a service on a device that uses Basic Authentication and accepts PUT and GET HTTP methods. By performing a Directory Traversal attack, the attacker can write files anywhere on the device's file system with root privileges using the PUT method, and read any file using the GET method.


How can this vulnerability impact me? :

The vulnerability can lead to severe impacts including unauthorized reading and writing of files on the device with root privileges. This can result in data theft, system compromise, unauthorized code execution, and potentially full control over the affected device.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart