CVE-2025-41714
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-10

Last updated on: 2025-09-11

Assigner: CERT VDE

Description
The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write and may be leveraged to achieve remote code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-10
Last Modified
2025-09-11
Generated
2026-06-16
AI Q&A
2025-09-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-41714
EUVD
EUVD-2025-27517
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
welotec smartems *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs because the upload endpoint does not properly validate the 'Upload-Key' request header. An authenticated attacker can use path traversal sequences in this header to make the server create upload-related files outside the intended storage area. Depending on the server configuration, this can allow arbitrary file writes and potentially enable remote code execution.

Impact Analysis

The vulnerability can lead to severe impacts including unauthorized file creation outside designated directories, arbitrary file writes, and potentially remote code execution. This means an attacker could manipulate files on the server or execute malicious code, compromising the system's confidentiality, integrity, and availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-41714. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart