CVE-2025-27920HIGH 8.8CISA KEVEPSS p74.9%
CVE-2025-27920Srimax Output Messenger Directory Traversal Vulnerability
Srimax / Output Messenger
Description
Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.
Scoring
| CVSS 3.1 | 8.8 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| EPSS | 1.75% probability of exploitation · percentile 74.9% · 2026-06-18T12:00:27Z |
| Published | 2025-05-05 |
| Last modified | 2025-11-05 |
CISA KEV entry
Added to KEV: 2025-05-19
Underlying weaknesses· 1
References
- https://www.outputmessenger.com/cve-2025-27920/
- https://www.srimax.com/products-2/output-messenger/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27920
- https://www.microsoft.com/en-us/security/blog/2025/05/12/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage/
1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Path Traversal: '../filedir'cwe-24 | 0% | live |
(incoming)1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| KEVEntry | Srimax Output Messenger Directory Traversal Vulnerabilitykev-cve-2025-27920 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.