CVE-2025-14704
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-15

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulation results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-15
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-12-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14704
EUVD
EUVD-2025-203335
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sgwbox n3_nas to 2.0.25 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-14704 is a critical path traversal vulnerability in Shiguangwu sgwbox N3 version 2.0.25, specifically in an unknown function of the API component at the /eshell endpoint. It allows attackers to manipulate file paths to access directories and files outside the intended restricted area. This can be done remotely without authentication, making it easy for attackers to exploit. The vulnerability enables unauthorized reading and writing of arbitrary files on the device, compromising system security. [1, 2]

Impact Analysis

This vulnerability can severely impact you by allowing attackers to remotely access and retrieve any files from the affected NAS device, including sensitive system and user files. Attackers can also perform arbitrary write operations, potentially modifying or deleting critical files. This compromises the confidentiality, integrity, and availability of your system, leading to data breaches, system corruption, or denial of service. [1, 2]

Mitigation Strategies

No known mitigations currently exist for this vulnerability. It is suggested to consider replacing the affected product, Shiguangwu sgwbox N3 version 2.0.25, as the vendor has not provided any countermeasures or patches. [1]

Compliance Impact

This vulnerability allows unauthorized remote attackers to access and retrieve arbitrary files, including potentially sensitive user and system data, due to path traversal flaws. Such unauthorized access and potential data exposure can lead to violations of data protection regulations like GDPR and HIPAA, which require safeguarding confidentiality and integrity of personal and health information. The lack of vendor response and absence of mitigations increase the risk of non-compliance with these standards. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14704. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart