CVE-2025-65418
Directory Traversal in docuFORM Managed Print Service Client
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| docuform | fsm_client | 11.11c |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-65418 is a directory traversal vulnerability in the docuFORM FSM Client software version 11.11c. It occurs because user input is used to build file paths without proper validation or normalization. This flaw allows attackers to manipulate the file path to escape restricted directories and read arbitrary files on the system.
The vulnerability can be exploited remotely without authentication by sending specially crafted URLs.
How can this vulnerability impact me?
Exploitation of this vulnerability can allow attackers to read sensitive files outside the intended directories. This includes configuration files, application source code, system files, and user-specific data.
Such unauthorized access can lead to information disclosure, which may facilitate further attacks or compromise of the affected system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthenticated requests containing crafted URLs that attempt directory traversal patterns, such as sequences like "../" or encoded variants, targeting the docuFORM Managed Print Service Client 11.11c.
Network detection can involve inspecting HTTP requests for suspicious path traversal strings.
On the system, checking web server logs or application logs for unusual file access attempts outside the intended directories can help identify exploitation attempts.
- Use tools like grep to search logs for directory traversal patterns (the `-i` flag makes the match case-insensitive, so `%2E%2E%2F` is caught as well), e.g.:
  - `grep -Ei "\.\./|%2e%2e%2f" /path/to/access.log`
- Use curl or wget to test the vulnerability by sending crafted requests with directory traversal payloads, for example:
  - `curl "http://target/docuform/path/../../../../etc/passwd"`
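A fixed grep pattern misses double-encoded and backslash variants and can match harmless names that merely end in two dots. The following added example (not vendor or original-page code) decodes each request target before checking for a `..` path segment; it assumes the logs use the common/combined access-log layout, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

# Request line inside a common/combined-format access log entry (assumed layout).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target):
    """True if the decoded path or query contains a '..' path segment."""
    decoded = fully_decode(target).replace("\\", "/")
    # Split on characters that can delimit a segment in the path or query.
    return ".." in re.split(r"[/?&=;]", decoded)

def scan(lines):
    """Return (client_ip, raw_target) for each log line showing traversal."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and has_traversal(match.group(1)):
            hits.append((line.split(" ", 1)[0], match.group(1)))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/May/2026:10:00:01 +0000] "GET /docuform/index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [11/May/2026:10:00:02 +0000] "GET /docuform/path/../../../../etc/passwd HTTP/1.1" 200 1301',
    '192.0.2.45 - - [11/May/2026:10:00:03 +0000] "GET /docuform/path/%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0',
    '192.0.2.46 - - [11/May/2026:10:00:04 +0000] "GET /docuform/path/%2E%2E%5C%2E%2E%5Cwindows%5Cwin.ini HTTP/1.1" 404 0',
    '192.0.2.11 - - [11/May/2026:10:00:05 +0000] "GET /docuform/files/notes../view HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target}")
```

A 200 response with a non-trivial body size on a flagged line is the case to triage first, since it suggests the file read succeeded.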
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the vendor-provided patch or update released in November 2025 that fixes this directory traversal vulnerability in docuFORM FSM Client version 11.11c.
If patching is not immediately possible, restrict access to the vulnerable service by network controls such as firewalls or access control lists to limit exposure.
Additionally, monitor logs for exploitation attempts and consider implementing web application firewall (WAF) rules to block directory traversal patterns in URLs.