EUVD-2026-31825
GHSA-fvqp-9h26-84g3
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile. Executing a manipulation of the argument path can lead to path traversal. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Unauthenticated path traversal in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0 exposes arbitrary file system access through the /SubstationWEBV2/app/..;/main/upfile endpoint by manipulating the path argument. The vulnerability is remotely exploitable with no authentication or user interaction required (CVSS 4.0 AV:N/AC:L/AT:N/PR:N/UI:N), and a publicly available proof-of-concept exists. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No authentication is required - CVSS vector PR:N confirms unauthenticated exploitation. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 5.5 (Medium) reflects a network-accessible, low-complexity, unauthenticated attack with partial confidentiality, integrity, and availability impact on the vulnerable component. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated remote attacker identifies an internet- or network-exposed Acrel EEMS 1.3.0 instance and sends a crafted HTTP request to `/SubstationWEBV2/app/..;/main/upfile` with a manipulated `path` parameter containing traversal sequences (e.g., `../../../../etc/passwd`), bypassing application-level path restrictions via the `..;` servlet filter evasion technique. The server processes the traversal, allowing the attacker to read sensitive files such as configuration files, credentials, or application data outside the intended web root. … |
| Remediation | No vendor-released patch has been identified at time of analysis - the vendor did not respond to the coordinated disclosure and no advisory URL is available from the vendor. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today