CVE-2025-27025 · HIGH 8.8 · EPSS p45.0%

Description

The target device exposes a service on a specific TCP port with a configured endpoint. Access to that endpoint is granted using Basic Authentication. The endpoint also accepts the PUT method, which makes it possible to write files to the target device's file system. Files are written as root. Using Postman, it is possible to perform a directory traversal attack and write files to any location on the device file system. The same mechanism can be leveraged with the GET method to read any file from the file system.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.62% probability of exploitation · percentile 45.0% · 2026-06-18T12:00:27Z
Published: 2025-07-02
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-280

References

  1. https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27025
  2. https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27025

Type | Target | Confidence | Tier
Weakness | Improper Handling of Insufficient Permissions or Privileges (cwe-280) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-41758
CVE: CVE-2025-41651
CVE: CVE-2025-25270
CVE: CVE-2025-3499
CVE: CVE-2025-49181
CVE: CVE-2025-0592
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.