Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A flaw has been found in OpenWGA 7.11.12 Build 737. This affects an unknown function of the file WGA.File of the component TMLScript API. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Path traversal vulnerability in OpenWGA 7.11.12 Build 737 TMLScript API WGA.File component allows high-privileged remote attackers to manipulate file paths and access unauthorized resources. The vulnerability has publicly available exploit code and an extremely low EPSS score (0.07%, percentile 22%), suggesting limited real-world exploitation despite network accessibility, likely due to the requirement for high-level authentication that restricts practical attack surface.
Technical ContextAI
OpenWGA is a web content management framework built on TMLScript, a server-side templating language. The WGA.File component provides file system operations within TMLScript templates. CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) indicates the vulnerability stems from insufficient validation of file path inputs, allowing directory traversal sequences (e.g., '../../../') to escape intended directory boundaries. The TMLScript API likely processes user-supplied or template-derived path arguments without proper canonicalization or sandboxing, enabling access to files outside the application's intended working directory.
Affected ProductsAI
OpenWGA version 7.11.12 Build 737 is explicitly confirmed as vulnerable. The CVE description does not specify whether earlier versions are affected or whether later versions have been patched. No CPE data is available in the references to establish a definitive version range. No vendor advisory or security bulletin has been identified to clarify scope of affected versions.
RemediationAI
No vendor-released patch has been identified at time of analysis. The vendor did not respond to early disclosure attempts per the CVE description, indicating no official fix timeline is established. Immediate compensating controls include: restrict network access to the OpenWGA application to trusted networks only using firewall or reverse proxy rules to limit who can reach the authentication boundary; disable or restrict the WGA.File TMLScript API component if not actively used in templates by removing permissions or blocking the component in the application configuration (verify this does not break critical functionality); enforce strict file system permissions on the OpenWGA application directory to prevent write access to sensitive files even if path traversal succeeds; and conduct a security review of all TMLScript templates to identify and remove direct file path manipulation, replacing dynamic paths with a whitelist-based approach. Organizations should monitor for vendor patches or consider upgrading to a newer major version if available, though version 7.x appears to be the active line.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today