Skip to main content

LambertGroup CLEVER EUVDEUVD-2025-17503

| CVE-2025-31635 HIGH
Path Traversal (CWE-22)
2025-06-09 audit@patchstack.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Re-analysis Queued
Apr 23, 2026 - 15:42 vuln.today
cvss_changed
EUVD ID Assigned
Mar 14, 2026 - 19:21 euvd
EUVD-2025-17503
Analysis Generated
Mar 14, 2026 - 19:21 vuln.today
CVE Published
Jun 09, 2025 - 16:15 nvd
HIGH 7.5

DescriptionCVE.org

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LambertGroup CLEVER allows Path Traversal. This issue affects CLEVER: from n/a through 2.6.

AnalysisAI

Path traversal vulnerability in LambertGroup CLEVER versions up to 2.6 that allows unauthenticated remote attackers to read arbitrary files from the affected system with high confidentiality impact. The vulnerability requires no user interaction and can be exploited over the network, making it a critical exposure for organizations running vulnerable CLEVER instances. While CVSS 7.5 indicates significant risk, actual exploitation depends on KEV listing status and public POC availability, which should be verified against current threat intelligence feeds.

Technical ContextAI

This vulnerability exploits improper input validation in pathname handling (CWE-22: Improper Limitation of a Pathname to a Restricted Directory). The affected product, LambertGroup CLEVER (CPE: likely cpe:2.3:a:lambertgroup:clever), fails to properly sanitize file path parameters, allowing attackers to use directory traversal sequences (e.g., '../../../') to access files outside the intended restricted directory. This is a classic path traversal flaw where user-supplied input is concatenated directly into file operations without normalization or validation. The vulnerability affects CLEVER versions from an unspecified baseline through version 2.6, suggesting the flaw has existed for multiple release cycles.

RemediationAI

Immediate actions: (1) Upgrade CLEVER to version 2.7 or later once released/validated by LambertGroup; (2) Until patches are available, implement network-level controls to restrict access to CLEVER services (WAF rules, IP whitelisting, VPN gating); (3) Disable or restrict file-serving endpoints if not required; (4) Review access logs for suspicious '../' sequences or unusual file access patterns; (5) Monitor file system changes on systems hosting CLEVER. Consult LambertGroup's official security advisory for specific patch links, rollout timelines, and any interim mitigations. If no patch exists yet, consider architectural isolation of CLEVER instances until remediation is available.

Share

EUVD-2025-17503 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy