CVE-2025-15577

EPSS 0.51%
Veröffentlicht 12.02.2026 06:04:56
Zuletzt bearbeitet 23.02.2026 14:05:23
Quelle db4dfee8-a97e-4877-bfae-eba6d1
CVE-Watchlists
Login
Unerledigt
Login

Valmet DNA Web server arbitrary file read access

An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Valmet ≫ Dna Version <= 2022

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.51%	0.391

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
db4dfee8-a97e-4877-bfae-eba6d14a2166	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:X/V:D/RE:M/U:Green

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://www.valmet.com/company/innovation/advisories/CVE-2025-15577/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-15577

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-15577

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-15577

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-15577