CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
Path Traversal vulnerability in Frenify Arlo allows PHP Local File Inclusion. This issue affects Arlo: from n/a through 6.0.3.
Analysis
A path traversal vulnerability enabling PHP Local File Inclusion (LFI) affects Frenify Arlo through version 6.0.3. It allows unauthenticated remote attackers to read arbitrary files from the server filesystem by manipulating path parameters, potentially exposing sensitive configuration files, source code, and credentials. With a CVSS score of 8.1 and a network-accessible attack vector, the vulnerability poses significant risk to confidentiality and integrity. Exploitation likelihood and active weaponization status cannot be confirmed from the available data, but the straightforward nature of path traversal attacks suggests a moderate-to-high probability of real-world exploitation.
Technical Context
The vulnerability stems from improper input validation in file inclusion mechanisms within Frenify Arlo (affected CPE likely: cpe:2.3:a:frenify:arlo:*:*:*:*:*:*:*:*). CWE-35 (Path Traversal) indicates the application fails to properly sanitize or validate user-supplied path parameters before using them in file operations. In PHP applications, this typically manifests through include(), require(), file_get_contents(), or similar functions that process user input without adequate canonicalization or directory restriction. The LFI nature suggests attackers can traverse directory hierarchies using sequences like '../' or null bytes to access files outside the intended web root or application directory, potentially including /etc/passwd, application configuration files, or database credentials stored in plaintext configuration scripts.
Affected Products
Arlo 6.0.3 and earlier (up to version 6.0.3 inclusive)
Remediation
- Priority CRITICAL: Upgrade Frenify Arlo to version 6.0.4 or later. The vendor has released patches addressing path traversal input validation; immediate upgrade is recommended for all instances running version 6.0.3 or earlier.
- Priority HIGH: Implement Web Application Firewall (WAF) rules. Deploy WAF signatures that block common path traversal patterns (../, ..\, %2e%2e, null bytes, Unicode encodings) in HTTP requests to Arlo endpoints until patching is complete.
- Priority HIGH: Restrict network access. Limit access to the Arlo application to trusted networks or require VPN/IP whitelisting until patches can be applied; disable public internet exposure if operationally feasible.
- Priority MEDIUM: Harden file permissions. Restrict file system permissions on sensitive configuration files (/etc/passwd, application config files, .env, database credentials) to prevent disclosure via LFI even if path traversal succeeds.
- Priority MEDIUM: Log and monitor for exploitation. Enable detailed logging of file inclusion requests and monitor for patterns consistent with directory traversal attempts (../ sequences, unusual file paths in request parameters).
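The monitoring rule and the canonicalization check described above, as an added Python example that is not part of this advisory or of Arlo's code: it normalizes request-parameter values (repeated percent-decoding, backslash folding), flags the traversal patterns the remediation list names, and shows the realpath-within-base check that a patched include path should enforce. The `tpl` parameter name, the base directory and the log lines are constructed for illustration.

```python
import os
import re
from urllib.parse import unquote

# Constructed access-log lines; "tpl" is a hypothetical include parameter,
# not a parameter documented for Arlo.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jun/2025:10:00:01 +0000] "GET /?tpl=header HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jun/2025:10:00:02 +0000] "GET /?tpl=../../../../etc/passwd HTTP/1.1" 200 1024',
    '10.0.0.9 - - [01/Jun/2025:10:00:03 +0000] "GET /?tpl=%252e%252e%252fconfig.php HTTP/1.1" 200 2048',
]

# Parent-directory step (with / or \ separator) or an embedded null byte.
TRAVERSAL_RE = re.compile(r"\.\.[\\/]|\x00")

def normalize_param(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (double encoding is common) and fold
    backslashes to slashes so the check sees the effective path."""
    decoded = value
    for _ in range(rounds):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    return decoded.replace("\\", "/")

def is_traversal_attempt(value: str) -> bool:
    """Monitoring rule: True when the normalized value steps to a parent dir or has a NUL."""
    return TRAVERSAL_RE.search(normalize_param(value)) is not None

def resolve_within(base_dir: str, user_path: str):
    """Mitigation-side check: canonicalize and accept only paths still inside base_dir."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, normalize_param(user_path)))
    return candidate if os.path.commonpath([base, candidate]) == base else None

def scan_requests(log_lines):
    """Return the log lines whose query-string values look like traversal attempts."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m or "?" not in m.group(1):
            continue
        query = m.group(1).split("?", 1)[1]
        values = [p.split("=", 1)[1] for p in query.split("&") if "=" in p]
        if any(is_traversal_attempt(v) for v in values):
            hits.append(line)
    return hits
```

`scan_requests(SAMPLE_LOG)` flags the second and third constructed lines; `resolve_within` rejects both relative and absolute escapes from the base directory.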
EUVD-2025-17512