What is the CVSS score of CVE-2025-27956?

CVE-2025-27956 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 2.5%.

Which versions of Weblaudos are affected by CVE-2025-27956?

A directory traversal vulnerability in WebLaudos 24.2 allows unauthenticated attackers to access sensitive information through a publicly available exploit.

Is there a public PoC exploit available for CVE-2025-27956?

Yes, a public proof-of-concept exploit is available for CVE-2025-27956. Prioritise patching immediately. EPSS: 2.5%.

How to fix or mitigate CVE-2025-27956?

Within 24 hours: Identify all systems running WebLaudos 24.2 (04) and restrict network access to trusted users only; implement Web Application Firewall rules to block directory traversal patterns in the id parameter. Within 7 days: Contact WebLaudos vendor for patch availability and timeline; evaluate migration to alternative solutions if patches are unavailable. Within 30 days: Deploy patched version across all affected systems; conduct forensic review of access logs to determine if the vulnerability was exploited.

Weblaudos CVE-2025-27956

EUVD-2025-16684 HIGH

Path Traversal (CWE-22)

2025-06-02 cve@mitre.org

Path Traversal Information Disclosure Weblaudos

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 16:47 euvd

EUVD-2025-16684

Analysis Generated

Mar 14, 2026 - 16:47 vuln.today

PoC Detected

Jun 17, 2025 - 18:45 vuln.today

Public exploit code

CVE Published

Jun 02, 2025 - 18:15 nvd

HIGH 7.5

DescriptionCVE.org

Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.

AnalysisAI

Directory Traversal vulnerability (CWE-22) in WebLaudos version 24.2 (04) that allows unauthenticated remote attackers to read arbitrary files and obtain sensitive information through improper validation of the 'id' parameter. With a CVSS score of 7.5 and network-based attack vector requiring no privileges or user interaction, this vulnerability poses a significant confidentiality risk to exposed WebLaudos instances. The vulnerability's active exploitation status and proof-of-concept availability should be verified through current KEV databases and security advisories.

Technical ContextAI

Directory Traversal vulnerabilities (CWE-22) occur when an application fails to properly validate or sanitize user-supplied input used in file path operations, allowing attackers to escape intended directory boundaries using path traversal sequences (e.g., '../', '..\', or URL-encoded variants like '%2e%2e%2f'). In WebLaudos 24.2 (04), the vulnerable 'id' parameter is processed without adequate input validation, permitting attackers to traverse the file system hierarchy. WebLaudos is a document/clinical records management system commonly deployed in healthcare environments. The vulnerability likely affects the web application's file retrieval or document access functionality, where user-controlled parameters are passed directly to file system operations without canonicalization or allowlist validation. CPE string would be: cpe:2.3:a:weblaudos:weblaudos:24.2:*:*:*:*:*:*:*

CVE-2025-27956 vulnerability details – vuln.today

Back

Weblaudos CVE-2025-27956

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Share

External POC / Exploit Code