CVE-2025-53082

Medienbericht

EPSS 0.65%
Veröffentlicht 29.07.2025 05:08:25
Zuletzt bearbeitet 11.08.2025 19:11:12
Quelle PSIRT@samsung.com
CVE-Watchlists
Login
Unerledigt
Login

An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samsung ≫ Data Management Server Firmware Version >= 2.0.0 < 2.3.13.1

Samsung ≫ Data Management Server Version-

Samsung ≫ Data Management Server Firmware Version >= 2.5.0.17 < 2.6.14.1

Samsung ≫ Data Management Server Version-

Samsung ≫ Data Management Server Firmware Version >= 2.7.0.15 < 2.9.3.6

Samsung ≫ Data Management Server Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.65%	0.711

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
PSIRT@samsung.com	6.1	0.9	5.2	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

https://www.heise.de/news/Industrielle-Kontrollsysteme-Updates-schliessen-Schadcode-Schlupfloecher-10504485.html

Media Report

https://security.samsungda.com/securityUpdates.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-53082

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-53082

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-53082

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-53082