CVE-2025-9016
BaseFortify
Publication date: 2025-08-15
Last updated on: 2026-04-29
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mechrevo | control_center_gx_v2 | 5.56.51.48 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-426 | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Mechrevo Control Center GX V2 5.56.51.48, specifically in the PowerShell Script Handler component. Manipulation of this component leads to an uncontrolled search path, which means the software may execute unintended or malicious scripts because of improper handling of file paths. Exploiting this vulnerability requires local access and is considered difficult because of the high attack complexity.
How can this vulnerability impact me?
If exploited, this vulnerability can lead to execution of unauthorized code with potentially high impact on confidentiality, integrity, and availability of the affected system. Since it requires local access and is difficult to exploit, the risk is somewhat limited, but successful exploitation could allow an attacker to compromise the system or escalate privileges.