CVE-2025-12250
BaseFortify
Publication date: 2025-10-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openwga | admin_client | 7.11.12 |
| openwga | openwga | 7.11.12 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12250 is a path traversal vulnerability in OpenWGA 7.11.12 Build 737, specifically in the TMLScript API's WGA.File functionality. It occurs because the software improperly handles external input used to build file or directory paths, allowing an attacker to traverse directories outside the intended restricted area. This can be exploited remotely but requires authentication. The vulnerability affects confidentiality, integrity, and availability by allowing unauthorized access to files and directories. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker with some level of authentication to remotely access or manipulate files outside the intended directories, potentially leading to unauthorized disclosure of sensitive information, modification or deletion of files, and disruption of service. Additionally, if exploited with elevated privileges, it may allow remote code execution on the server, compromising the entire system. [1, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can negatively affect compliance with standards like GDPR and HIPAA because it compromises confidentiality, integrity, and availability of data by allowing unauthorized access and potential manipulation of sensitive information. Such breaches can lead to violations of data protection requirements and result in legal and regulatory consequences. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your OpenWGA installation is version 7.11.12 Build 737 and if the TMLScript API's WGA.File functionality is accessible. Since the exploit requires authentication with Admin or Design privileges, verifying unauthorized file writes or unexpected files in the webroot directory can indicate exploitation attempts. Monitoring for path traversal patterns in logs or unusual file creation can help detect attacks. Specific commands could include searching for suspicious files in the webroot, for example: `find /path/to/openwga/webroot -type f -name '*.jsp' -exec ls -l {} \;` to find potentially malicious JSP files. Additionally, reviewing server logs for path traversal attempts or unusual TMLScript API usage is recommended. However, no specific detection commands or tools are provided in the resources. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the TMLScript API, especially the WGA.File functionality, to trusted users only, and limiting Admin or Design privileges to essential personnel. Since the vulnerability requires authentication, enforcing strong authentication and monitoring for suspicious activity is critical. Additionally, consider removing or disabling writable and executable permissions on the webroot directory to prevent malicious file uploads and execution. Due to the lack of vendor response and no official patches or mitigations, it is recommended to replace or upgrade the affected OpenWGA component or product if possible. Monitoring for exploitation attempts and applying network-level protections such as firewall rules to limit access to the vulnerable service can also help reduce risk. [1, 3]