CRITICAL🇵🇱 Wersja polska

CVE-2025-41723

CVSS 9.8v3.1pub. 2025-10-22upd. 2026-04-15

The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.

🤖 AI Analysis
How it works

An attacker sends a crafted SOAP request to the importFile method, containing path traversal sequences (e.g., '../') in the parameter specifying the target file path. The path verification mechanism is insufficient, allowing escape from the permitted directory and file writing to any location in the file system. The operation does not require any authentication — the vulnerability is remotely accessible over the network.

Impact

An attacker can write arbitrary files to critical locations in the operating system, which may lead to system compromise, malicious code execution, or violation of data integrity and confidentiality.

Mitigation & patch

Apply patches available from the vendor according to the references (VDE-2025-060 guide available at: https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json). Until updates are applied, it is recommended to restrict network access to the SOAP interface exclusively to trusted hosts.

Who is affected

Versions indicated in the vendor's references (VDE-2025-060 security advisory concerning Sauter products).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References