CVE-2025-28384

EUVD-2025-18281 | CRITICAL 9.1 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Mar 14, 2026 - 21:34 (euvd), EUVD-2025-18281
Analysis Generated: Mar 14, 2026 - 21:34 (vuln.today)
PoC Detected: Oct 27, 2025 - 16:15 (vuln.today), public exploit code
CVE Published: Jun 13, 2025 - 14:15 (nvd)

Description

An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.

Analysis

Critical directory traversal vulnerability in OpenC3 COSMOS versions before 6.1.0, affecting the /script-api/scripts/ endpoint. An unauthenticated attacker can exploit the flaw over the network, with no user interaction required, to read and potentially write arbitrary files on the affected system, giving high confidentiality and integrity impact. The vulnerability has a CVSS score of 9.1 (Critical); the CVSS vector indicates a network-based attack of low complexity with no privileges required.

Technical Context

This vulnerability is rooted in CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - 'Path Traversal'), a class of flaws where an application fails to properly validate or sanitize user-supplied path parameters. In OpenC3 COSMOS, the /script-api/scripts/ REST API endpoint processes user input related to script file paths without adequate canonicalization or boundary checking. An attacker can inject path traversal sequences (e.g., '../', '..\', or encoded variants) to navigate outside the intended script directory and access the broader filesystem. OpenC3 COSMOS is a mission-critical command and control software platform used for satellite operations and complex distributed system management (CPE: cpe:2.3:a:openc3:cosmos:*:*:*:*:*:*:*:*). All versions prior to 6.1.0 are affected, suggesting this is a recently patched issue in the COSMOS product line.

Affected Products

OpenC3 COSMOS (< 6.1.0); OpenC3 COSMOS (>= 6.1.0)

Remediation

Vendor Patch (priority: IMMEDIATE): Upgrade OpenC3 COSMOS to version 6.1.0 or later. The vendor has released version 6.1.0, which addresses the directory traversal vulnerability in the /script-api/scripts/ endpoint through input validation and path canonicalization improvements.

Temporary Mitigation (priority: HIGH): Restrict network access to the /script-api/scripts/ endpoint. Implement network-level access controls (firewall rules, WAF) to limit who can reach the affected endpoint. Allow only trusted internal networks or specific IP addresses to access COSMOS API endpoints until patching is possible.

Temporary Mitigation (priority: HIGH): Disable the /script-api/scripts/ endpoint if not in use. If the script API is not actively required, disable or deactivate the endpoint at the application or reverse proxy level to eliminate the attack surface.

Monitoring (priority: MEDIUM): Monitor logs for suspicious path traversal patterns. Search COSMOS API logs for requests containing '../', '..\', URL-encoded sequences (%2e%2e, %252e), or other path traversal indicators targeting the /script-api/scripts/ endpoint.

Assessment (priority: HIGH): Audit file system exposure. Determine which files could be accessed via path traversal (sensitive configs, credentials, source code). Conduct forensic analysis if systems were exposed prior to patching.
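As an added example (not code from vuln.today or the OpenC3 project), the monitoring step above in Python: it normalises request paths from constructed access-log lines, decoding the URL-encoded and double-encoded variants named above, and flags '..' segments aimed at /script-api/scripts/. The log line format, LINE_RE and the sample entries are assumptions, not real COSMOS output.

```python
"""Flag path-traversal attempts against /script-api/scripts/ in access logs.
Added example for this advisory, not code from OpenC3 COSMOS or vuln.today; the
log line format and sample entries are constructed assumptions (adapt LINE_RE)."""
import re
from urllib.parse import unquote

ENDPOINT = "/script-api/scripts/"

# Constructed sample lines (client, request, status); not real COSMOS output.
SAMPLE_LOG = """\
10.0.0.5 "GET /script-api/scripts/INST/procedures/checks.rb" 200
10.0.0.9 "GET /script-api/scripts/../../../../etc/hosts" 200
10.0.0.9 "GET /script-api/scripts/%2e%2e/%2e%2e/config/app.yml" 200
10.0.0.9 "GET /script-api/scripts/%252e%252e/%252e%252e/config/app.yml" 200
10.0.0.9 "GET /script-api/scripts/..%5c..%5cwindows/win.ini" 404
10.0.0.5 "GET /api/targets" 200
"""
LINE_RE = re.compile(r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d+)$')


def normalize_path(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (so %252e double encoding is caught), drop any
    query string, and treat backslashes as separators so '..\\' reads as '../'."""
    decoded = raw.split("?", 1)[0]
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def is_traversal_request(raw_path: str) -> bool:
    """True if the request targets the script endpoint and, after decoding,
    contains a '..' path segment (a '..' inside a filename is not flagged)."""
    path = normalize_path(raw_path)
    if not path.startswith(ENDPOINT):
        return False
    return ".." in path[len(ENDPOINT):].split("/")


def flag_traversal(log_text: str) -> list:
    """Return the parsed fields of every log line that looks like a traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_traversal_request(m["path"]):
            hits.append(m.groupdict())
    return hits
```

Running flag_traversal(SAMPLE_LOG) returns the four encoded or plain traversal lines and leaves the legitimate script fetch and the unrelated /api/targets request alone.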

Priority Score

67 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +1.2
CVSS: +46
POC: +20


CVE-2025-28384 vulnerability details – vuln.today
