CVE-2025-40889

High CVSS: 7.2

A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder, and/or affect their availability.

Vendor

Nozominetworks

Product

Cmc

CWE

CWE-22

Yayın Tarihi

2025-10-07 13:15:35

Güncelleme

2025-10-09 16:37:35

Source Identifier

prodsec@nozominetworks.com

KEV Date Added

Kategoriler

CWE-22 Cmc HIGH Nozominetworks 2025

Referanslar

https://security.nozominetworks.com/NN-2025:9-01

Benzer Kayıtlar

Medium

CVE-2025-40896

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could per…

Low

CVE-2025-40894

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper valida…

Low

CVE-2025-40895

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on…

Low

CVE-2025-40891

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper val…

High

CVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an…

Medium

CVE-2025-40893

A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of netwo…