How to fix CVE-2025-27956?

Within 24 hours: Identify all systems running WebLaudos 24.2 (04) and restrict network access to trusted users only; implement Web Application Firewall rules to block directory traversal patterns in the id parameter. Within 7 days: Contact WebLaudos vendor for patch availability and timeline; evaluate migration to alternative solutions if patches are unavailable. Within 30 days: Deploy patched version across all affected systems; conduct forensic review of access logs to determine if the vulnerability was exploited.

Is Weblaudos affected by CVE-2025-27956?

A directory traversal vulnerability in WebLaudos 24.2 allows unauthenticated attackers to access sensitive information through a publicly available exploit.

CVE-2025-27956

EUVD-2025-16684 HIGH

2025-06-02 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 16:47 euvd

EUVD-2025-16684

Analysis Generated

Mar 14, 2026 - 16:47 vuln.today

PoC Detected

Jun 17, 2025 - 18:45 vuln.today

Public exploit code

CVE Published

Jun 02, 2025 - 18:15 nvd

HIGH 7.5

Description

Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.

Analysis

Directory Traversal vulnerability (CWE-22) in WebLaudos version 24.2 (04) that allows unauthenticated remote attackers to read arbitrary files and obtain sensitive information through improper validation of the 'id' parameter. With a CVSS score of 7.5 and network-based attack vector requiring no privileges or user interaction, this vulnerability poses a significant confidentiality risk to exposed WebLaudos instances. The vulnerability's active exploitation status and proof-of-concept availability should be verified through current KEV databases and security advisories.

Technical Context

Directory Traversal vulnerabilities (CWE-22) occur when an application fails to properly validate or sanitize user-supplied input used in file path operations, allowing attackers to escape intended directory boundaries using path traversal sequences (e.g., '../', '..\', or URL-encoded variants like '%2e%2e%2f'). In WebLaudos 24.2 (04), the vulnerable 'id' parameter is processed without adequate input validation, permitting attackers to traverse the file system hierarchy. WebLaudos is a document/clinical records management system commonly deployed in healthcare environments. The vulnerability likely affects the web application's file retrieval or document access functionality, where user-controlled parameters are passed directly to file system operations without canonicalization or allowlist validation. CPE string would be: cpe:2.3:a:weblaudos:weblaudos:24.2:*:*:*:*:*:*:*

Affected Products

WebLaudos (['24.2 (04)'])

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +2.5

CVSS: +38

POC: +20

CVE-2025-27956 vulnerability details – vuln.today

Back

CVE-2025-27956

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

CVE-2025-27956

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code