CVE-2025-9570
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-01

Last updated on: 2025-09-25

Assigner: TWCERT/CC

Description
The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-01
Last Modified
2025-09-25
Generated
2026-05-07
AI Q&A
2025-09-01
EPSS Evaluated
2026-05-05
NVD
CVE-2025-9570
EUVD
EUVD-2025-28867
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sun.net ehrd_ctms *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the eHRD CTMS developed by Sunnet is an Arbitrary File Reading flaw. It allows remote attackers who already have administrator privileges to exploit a Relative Path Traversal issue to download arbitrary system files from the server.


How can this vulnerability impact me? :

The impact of this vulnerability is that an attacker with administrator privileges can access and download sensitive system files that they should not normally be able to access. This could lead to exposure of confidential information or system configuration details, potentially aiding further attacks or data breaches.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart