What is the CVSS score of CVE-2025-65878?

CVE-2025-65878 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.7%.

Which versions of Warehouse Management System are affected by CVE-2025-65878?

A high-severity vulnerability in the warehouse management system version 1.2 allows attackers to read arbitrary files from our servers without authentication, potentially exposing sensitive data such…

Is there a public PoC exploit available for CVE-2025-65878?

Yes, a public proof-of-concept exploit is available for CVE-2025-65878. Prioritise patching immediately. EPSS: 0.7%.

How to fix or mitigate CVE-2025-65878?

Within 24 hours: Disable the `/file/showImageByPath` endpoint or restrict access to trusted internal networks only; implement WAF rules to block directory traversal patterns in path parameters; audit logs for exploitation attempts. Within 7 days: Apply network segmentation to isolate the warehouse management system; deploy compensating controls and conduct forensic analysis for unauthorized file access. Within 30 days: Coordinate with vendor for patch release; develop upgrade plan; perform full security assessment of the application.

Warehouse Management System CVE-2025-65878

EUVD-2025-201452 HIGH

Path Traversal (CWE-22)

2025-12-05 cve@mitre.org

Path Traversal Warehouse Management System

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201452

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

PoC Detected

Dec 12, 2025 - 12:51 vuln.today

Public exploit code

CVE Published

Dec 05, 2025 - 17:16 nvd

HIGH 7.5

DescriptionCVE.org

The warehouse management system version 1.2 contains an arbitrary file read vulnerability. The endpoint /file/showImageByPath does not sanitize user-controlled path parameters. An attacker could exploit directory traversal to read arbitrary files on the server's file system. This could lead to the leakage of sensitive system information.

Analysis

Technical ContextAI

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

RemediationAI

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

CVE-2025-65878 vulnerability details – vuln.today

Back

Warehouse Management System CVE-2025-65878

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code