CVE-2025-48394
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-08-06
Assigner: Eaton
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an attacker who already has authenticated and privileged access to modify the contents of a non-sensitive file by using path traversal within the limited shell of the command-line interface (CLI).
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized modification of non-sensitive files, which may affect system integrity and availability. Since the attacker needs privileged access, the impact is limited to users with such access, but it could still result in data integrity and availability issues.
What immediate steps should I take to mitigate this vulnerability?
Update to the latest version of the software available on the Eaton download center, as this security issue has been fixed in that version.