CVE-2025-1111 Information Disclosure Through Path Traversal Vulnerability
January 9, 2025 | by Stephan Hutterer

Summary
A security vulnerability has been identified in Product 2. This vulnerability could allow disclosure of sensitive information through the product’s web interface. We recommend that all affected users take the actions described below immediately.
Vulnerability Details
- Affected Products: Product 2
- Affected Versions: all versions before 5.41
- Vulnerability ID: CVE-2025-1111
- Type of Vulnerability: Information Disclosure
- Description:
This vulnerability could allow remote code execution through the product’s web interface. The injected code is executed with the privileges of the web application of Product 1.
Severity Rating
- Severity: Critical
- CVSS v4 Score: 7.1
- CVSS v4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Solutions and Mitigations
- Update Available: Yes
Ensure you update to version 5.42 (or higher) which addresses the vulnerability.
- Workarounds:
If no update is available, you can take the following steps:
  - Deactivate the web application
  - Isolate the adjacent network
Discovery and Reporting
This vulnerability was discovered by an external security researcher. We thank Stephan Hutterer from CyberUp GmbH for his report and collaboration.