Search
Find a vulnerability
Search criteria
1 vulnerability
CVE-2025-6240 (GCVE-0-2025-6240)
Vulnerability from cvelistv5 – Published: 2025-06-18 14:46 – Updated: 2025-06-18 14:58
VLAI
EPSS
VEX
Title
Profisee Path Traversal Vulnerability
Summary
Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:58:09.867880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T14:58:20.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.profisee.com",
"defaultStatus": "unaffected",
"modules": [
"filesystem"
],
"platforms": [
"Windows"
],
"product": "Profisee",
"vendor": "Profisee",
"versions": [
{
"lessThan": "2024R2",
"status": "affected",
"version": "2020R1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Santeri Siiril\u00e4"
},
{
"lang": "en",
"type": "finder",
"value": "Mikko Korpi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.\u003cp\u003eThis issue affects Profisee: from 2020R1 before 2024R2.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/AU:N/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T14:46:57.742Z",
"orgId": "c0ec9282-ea44-45d7-9b32-48d87cb37538",
"shortName": "Profisee"
},
"references": [
{
"url": "https://profisee.com/security/vulnerabilities/detail/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply the Hotfix for previous versions of the product or update to a version 2025R1 or later"
}
],
"value": "Apply the Hotfix for previous versions of the product or update to a version 2025R1 or later"
}
],
"source": {
"discovery": "USER"
},
"title": "Profisee Path Traversal Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c0ec9282-ea44-45d7-9b32-48d87cb37538",
"assignerShortName": "Profisee",
"cveId": "CVE-2025-6240",
"datePublished": "2025-06-18T14:46:57.742Z",
"dateReserved": "2025-06-18T14:44:48.687Z",
"dateUpdated": "2025-06-18T14:58:20.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}