Cmc
CVE-2025-40898
HIGH
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability.
AnalysisAI
Path traversal in Nozomi Networks CMC and Guardian allows authenticated users with limited privileges to write arbitrary files to any system location by uploading a malicious Arc data archive. This enables device configuration tampering and denial-of-service attacks. Attack requires low-privilege authentication but has high integrity and availability impact (CVSS 7.2). No public exploit identified at time of analysis, though the attack vector is straightforward for authenticated insiders or compromised accounts.
Technical ContextAI
This vulnerability affects the Arc data archive import functionality in Nozomi Networks CMC (Central Management Console) and Guardian industrial network monitoring platforms, identified via CPE strings cpe:2.3:a:nozominetworks:cmc and cpe:2.3:a:nozominetworks:guardian. The root cause is CWE-22 (Path Traversal), also known as directory traversal or dot-dot-slash attack. The import mechanism fails to properly sanitize or validate file paths within uploaded Arc archives, allowing directory traversal sequences like '../' to escape intended directories. Arc files are likely compressed archives used for configuration import/export or data migration. Without proper canonicalization and validation of extracted file paths against a safe directory boundary, attackers can specify absolute paths or use traversal sequences to write to sensitive system locations such as configuration directories, startup scripts, or application binaries. The CVSS 4.0 vector indicates network-accessible attack surface (AV:N) with low complexity (AC:L) requiring only low-privilege authentication (PR:L), resulting in high integrity and availability impact (VI:H, VA:H) with no confidentiality impact (VC:N).
RemediationAI
Apply vendor-released security updates as detailed in Nozomi Networks security advisory NN-2025:15-01 available at https://security.nozominetworks.com/NN-2025:15-01. Exact patched versions should be confirmed from the vendor advisory. Organizations should also review Siemens advisory SSA-827968 at https://cert-portal.siemens.com/productcert/html/ssa-827968.html if using Siemens-branded or integrated versions of these products. As an interim mitigation until patching is complete, restrict Arc data archive import functionality to only highly trusted administrators through role-based access controls, implement strict approval workflows for archive imports, and monitor system logs for unexpected file creation or modification events outside normal operational patterns. Network segmentation should ensure management interfaces for CMC and Guardian are accessible only from trusted administrative networks, not directly from monitored OT segments or untrusted networks.
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us
Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauth
A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in ce
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticat
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an auth
A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain
An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript cod
Privilege escalation via configuration synchronization in Nozomi Networks Guardian and Central Management Console (CMC)
Privilege escalation in Nozomi Networks Guardian and CMC Threat Intelligence module allows authenticated view-only users
Stored Cross-Site Scripting (XSS) in Nozomi Networks Guardian and CMC allows authenticated attackers with custom field p
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today