CVE-2025-14253

Sažetak

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

Reference

https://www.twcert.org.tw/en/cp-139-10543-380bd-2.html
https://www.twcert.org.tw/tw/cp-132-10542-4c682-1.html

CVSS

Base:	4.9
Impact:	3.6
Exploitability:	1.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

08-12-2025 - 18:26

Objavljeno

08-12-2025 - 08:15