What is the CVSS score of EUVD-2025-201418?

EUVD-2025-201418 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H. EPSS exploitation probability: 0.9%.

Which versions of Warehouse Management System are affected by EUVD-2025-201418?

A HIGH severity vulnerability in Warehouse Management System 1.2 allows authenticated users to delete arbitrary files on affected servers through directory traversal manipulation.

Is there a public PoC exploit available for EUVD-2025-201418?

Yes, a public proof-of-concept exploit is available for EUVD-2025-201418. Prioritise patching immediately. EPSS: 0.9%.

How to fix or mitigate EUVD-2025-201418?

Within 24 hours: Audit logs for unauthorized file deletion activity and restrict access to the /goods/deleteGoods endpoint to essential personnel only. Within 7 days: Implement WAF rules to block directory traversal patterns in the goodsimg parameter and consider disabling the file deletion feature if not operationally critical. Within 30 days: Evaluate alternative WMS solutions or prepare for vendor patch deployment; conduct full system audit of deleted files and restore from backups if compromise is confirmed.

Warehouse Management System EUVD-2025-201418

| CVE-2025-65879 HIGH

Path Traversal (CWE-22)

2025-12-05 cve@mitre.org

Path Traversal Warehouse Management System

8.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.1 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201418

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

PoC Detected

Dec 12, 2025 - 12:51 vuln.today

Public exploit code

CVE Published

Dec 05, 2025 - 17:16 nvd

HIGH 8.1

DescriptionCVE.org

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOAD_PATH and passed to File.delete() without validation. A remote authenticated attacker can delete arbitrary files on the server by supplying directory traversal payloads.

Analysis

Technical ContextAI

Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.

RemediationAI

Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.

EUVD-2025-201418 vulnerability details – vuln.today

Back