CVE-2025-40898

High CVSS: 7.2

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability.

Vendor

Nozominetworks

Product

Cmc

CWE

CWE-22

Yayın Tarihi

2025-12-18 14:15:59

Güncelleme

2026-01-06 20:08:13

Source Identifier

prodsec@nozominetworks.com

KEV Date Added

Kategoriler

CWE-22 Cmc HIGH Nozominetworks 2025

Referanslar

https://security.nozominetworks.com/NN-2025:15-01

Benzer Kayıtlar

Medium

CVE-2025-40896

The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could per…

Low

CVE-2025-40894

A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper valida…

Low

CVE-2025-40895

A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on…

Low

CVE-2025-40891

A Stored HTML Injection vulnerability was discovered in the Time Machine Snapshot Diff functionality due to improper val…

High

CVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an…

Medium

CVE-2025-40893

A Stored HTML Injection vulnerability was discovered in the Asset List functionality due to improper validation of netwo…