CVE-2025-28382

EUVD-2025-18282 | HIGH 7.5 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

EUVD ID Assigned (EUVD-2025-18282): Mar 14, 2026 - 21:34 (euvd)
Analysis Generated: Mar 14, 2026 - 21:34 (vuln.today)
PoC Detected (public exploit code): Oct 27, 2025 - 16:15 (vuln.today)
CVE Published (HIGH 7.5): Jun 13, 2025 - 14:15 (nvd)

Description

An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.

Analysis

Directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0 that allows unauthenticated remote attackers to read arbitrary files from the server via the openc3-api/tables endpoint. This high-severity issue (CVSS 7.5) enables confidentiality breaches without requiring authentication or user interaction, potentially exposing sensitive configuration files, credentials, and operational data managed by the COSMOS command and control system.

Technical Context

OpenC3 COSMOS is a command and control software framework commonly used in aerospace, satellite, and space operations. The vulnerability exists in the REST API endpoint '/openc3-api/tables' which fails to properly sanitize user-supplied path parameters before using them in file system operations. This is a classic CWE-22 (Improper Limitation of a Pathname to a Restricted Directory/'Path Traversal') vulnerability where attackers can use directory traversal sequences (e.g., '../../../etc/passwd') to access files outside the intended application directory. The affected software is OpenC3 COSMOS (CPE: cpe:2.3:a:openc3:cosmos) with versions from initial release through 6.0.x being vulnerable. The endpoint likely processes table data from user-controlled input without implementing proper canonicalization or whitelist-based path validation.

Affected Products

OpenC3 COSMOS < 6.1.0 (all versions from initial release through 6.0.x)

Remediation

PATCH (priority: IMMEDIATE): Upgrade to OpenC3 COSMOS version 6.1.0 or later. Version 6.1.0 contains fixes for the directory traversal vulnerability in the openc3-api/tables endpoint.

WORKAROUND: If immediate patching is not possible, disable or restrict network access to the /openc3-api/tables endpoint. Implement web application firewall (WAF) rules to block requests containing directory traversal patterns (../, ..\ and encoded variants) to this specific endpoint. Monitor for suspicious activity patterns.

MITIGATION: Implement defense-in-depth controls:
1) Restrict API access via network segmentation (only authorized systems should reach the COSMOS API);
2) Deploy rate limiting on the tables endpoint;
3) Enable comprehensive API request logging with alerting for path traversal patterns;
4) Run COSMOS with minimal file system permissions (principle of least privilege);
5) Consider deploying a reverse proxy that normalizes/validates URL paths before forwarding.

VERIFICATION: After patching, verify the fix: test that requests like GET /openc3-api/tables?table=../../../../etc/passwd are rejected or return no sensitive data. Confirm the COSMOS version is 6.1.0+ via API or application metadata endpoints.

Priority Score

59 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +1.1
CVSS: +38
POC: +20


CVE-2025-28382 vulnerability details – vuln.today
