Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.
AnalysisAI
Path traversal in TeamT5 ThreatSonar Anti-Ransomware versions ≤4.0.0 allows authenticated remote attackers with web access to delete arbitrary system files, potentially disabling security protections or causing system instability. With CVSS 7.2 (High Integrity and Availability impact), this poses significant risk to security infrastructure despite requiring authentication. EPSS score of 0.31% suggests low immediate exploitation likelihood, and CISA SSVC classifies it as non-automatable with total technical impact but no confirmed exploitation.
Technical ContextAI
ThreatSonar Anti-Ransomware is an endpoint protection platform developed by TeamT5 for detecting and preventing ransomware attacks. This vulnerability stems from CWE-23 (Relative Path Traversal), where the web interface fails to properly sanitize file path inputs. The affected component (cpe:2.3:a:teamt5:threatsonar_anti-ransomware) allows authenticated users to manipulate file path parameters using traversal sequences (e.g., '../') to escape intended directories and target arbitrary filesystem locations. The CVSS 4.0 vector shows High Integrity (VI:H) and Availability (VA:H) impact with no Confidentiality impact (VC:N), reflecting that attackers can delete but not read files. The vulnerability requires low-privilege authentication (PR:L) over network access (AV:N) with low attack complexity (AC:L), making it exploitable by any authenticated web user without specialized conditions.
RemediationAI
Upgrade to ThreatSonar Anti-Ransomware version 4.0.1 or later as recommended in TWCERT advisory TWB26-031. Consult the official TeamT5 vendor advisory linked through TWCERT at https://www.twcert.org.tw/en/cp-139-10832-05f3a-2.html for patch distribution channels and deployment guidance. If immediate patching is not feasible, implement these compensating controls with noted trade-offs: Restrict web interface access to dedicated management VLANs or bastion hosts using firewall rules (reduces administrative flexibility but eliminates internet-facing exposure). Enforce multi-factor authentication for all ThreatSonar web console access (increases authentication overhead but raises exploitation difficulty). Enable comprehensive file integrity monitoring on ThreatSonar installation directories and critical system paths to detect unauthorized deletion attempts (provides detection but not prevention, and may generate alert fatigue). Implement principle of least privilege by reviewing and reducing web console user permissions to only necessary administrative roles (may require workflow adjustments but limits attack surface). Monitor web access logs for suspicious path traversal patterns (../, ..\ sequences) and establish alerting thresholds (detection-only, no prevention).
More in Threatsonar Anti Ransomware
View allOS command injection in TeamT5 ThreatSonar Anti-Ransomware ≤4.0.0 allows authenticated remote attackers with shell acces
ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Rated high severity (C
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23799
GHSA-544v-v93w-x43g