Sicam Siapp Sdk
CVE-2026-25605
MEDIUM
Severity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in denial of service or service disruption.
AnalysisAI
Unvalidated file path handling in SICAM SIAPP SDK versions below 2.1.7 permits local attackers to delete arbitrary files and sockets accessible to the application process, causing denial of service or service disruption. The vulnerability requires local access and specific conditions to exploit but carries no patching option currently. Organizations using affected SDK versions should implement access controls and monitor for unexpected file deletion activity until an update becomes available.
Technical ContextAI
Affects the denial of component of Sicam Siapp Sdk. A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An attacker could delete files or sockets that the affected process has permission to remove, potentially resulting in denial of service or service disruption.
RemediationAI
Monitor vendor advisories for a patch.
More in Sicam Siapp Sdk
View allCommand injection in SICAM SIAPP SDK versions prior to 2.1.7 allows unauthenticated local attackers to manipulate shell
Insufficient input validation in SICAM SIAPP SDK versions prior to V2.1.7 enables stack overflow attacks, permitting loc
Out-of-bounds write vulnerability in SICAM SIAPP SDK versions prior to V2.1.7 allows local attackers to corrupt memory a
Stack overflow in SICAM SIAPP SDK versions prior to 2.1.7 allows local attackers to crash the server component by submit
Stack overflow in SICAM SIAPP SDK versions below 2.1.7 results from missing input length validation on client-side varia
Same weakness CWE-73 – External Control of File Name or Path
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today