9.8
CVE-2025-30515
- EPSS 0.5%
- Published 09.06.2025 22:31:50
- Last modified 12.08.2025 14:21:22
- Source ics-cert@hq.dhs.gov
CyberData 011209 SIP Emergency Intercom Path Traversal
CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
Data is provided by the National Vulnerability Database (NVD)
Cyberdata ≫ 011209 Sip Emergency Intercom Firmware Version < 22.0.1
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.386 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| ics-cert@hq.dhs.gov | 9.3 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| ics-cert@hq.dhs.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-35 Path Traversal: '.../...//'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
https://www.cisa.gov/news-events/ics-advisories/icsa-25-155-01