CVE-2025-47415
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-11

Assigner: Crestron Electronics, Inc.

Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal.This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001. Confirmed Affected Hardware:β€―TSW-760, TSW-1060 Confirmed Affected Firmware:β€―3.002.1061Β - (no fix released, product discontinued) Β  For x70β€―Β  The Affected Firmware:- 3.000.0110.001 β€―and versions below The Fixed Firmware:- 3.001.0031.001
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-09-11
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-47415
EUVD
EUVD-2025-27588
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
crestron touchscreens_x70 3.001.0031.001
crestron touchscreens_x70 3.000.0110.001
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Path Traversal issue in CRESTRON TOUCHSCREENS x70 devices. It allows an attacker to use relative path traversal to access files and directories outside the intended restricted directory. This occurs due to improper limitation of pathname inputs, potentially enabling unauthorized access to sensitive files on the device.

Impact Analysis

The vulnerability can allow an attacker with certain privileges to access files outside the restricted directories on affected CRESTRON TOUCHSCREENS x70 devices. This could lead to unauthorized disclosure of sensitive information or manipulation of system files, potentially compromising the device's security and functionality.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-47415. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart