CVE-2025-6240 (GCVE-0-2025-6240)
Vulnerability from cvelistv5 – Published: 2025-06-18 14:46 – Updated: 2025-06-18 14:58
VLAI
EPSS
VEX
Title
Profisee Path Traversal Vulnerability
Summary
Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6240",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T14:58:09.867880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T14:58:20.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.profisee.com",
"defaultStatus": "unaffected",
"modules": [
"filesystem"
],
"platforms": [
"Windows"
],
"product": "Profisee",
"vendor": "Profisee",
"versions": [
{
"lessThan": "2024R2",
"status": "affected",
"version": "2020R1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Santeri Siiril\u00e4"
},
{
"lang": "en",
"type": "finder",
"value": "Mikko Korpi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.\u003cp\u003eThis issue affects Profisee: from 2020R1 before 2024R2.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/AU:N/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T14:46:57.742Z",
"orgId": "c0ec9282-ea44-45d7-9b32-48d87cb37538",
"shortName": "Profisee"
},
"references": [
{
"url": "https://profisee.com/security/vulnerabilities/detail/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apply the Hotfix for previous versions of the product or update to a version 2025R1 or later"
}
],
"value": "Apply the Hotfix for previous versions of the product or update to a version 2025R1 or later"
}
],
"source": {
"discovery": "USER"
},
"title": "Profisee Path Traversal Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c0ec9282-ea44-45d7-9b32-48d87cb37538",
"assignerShortName": "Profisee",
"cveId": "CVE-2025-6240",
"datePublished": "2025-06-18T14:46:57.742Z",
"dateReserved": "2025-06-18T14:44:48.687Z",
"dateUpdated": "2025-06-18T14:58:20.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-6240",
"date": "2026-07-17",
"epss": "0.00281",
"percentile": "0.20129"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-6240\",\"sourceIdentifier\":\"c0ec9282-ea44-45d7-9b32-48d87cb37538\",\"published\":\"2025-06-18T15:15:28.187\",\"lastModified\":\"2026-06-17T10:01:26.693\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de validaci\u00f3n de entrada incorrecta en Profisee en Windows (m\u00f3dulos del sistema de archivos) permite Path Traversal despu\u00e9s de la autenticaci\u00f3n en el sistema Profisee. Este problema afecta a Profisee: desde 2020R1 hasta 2024R2.\"}],\"affected\":[{\"source\":\"c0ec9282-ea44-45d7-9b32-48d87cb37538\",\"affectedData\":[{\"vendor\":\"Profisee\",\"product\":\"Profisee\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://www.profisee.com\",\"modules\":[\"filesystem\"],\"platforms\":[\"Windows\"],\"versions\":[{\"version\":\"2020R1\",\"lessThan\":\"2024R2\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"c0ec9282-ea44-45d7-9b32-48d87cb37538\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:D/RE:M/U:Green\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NO\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"GREEN\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-06-18T14:58:09.867880Z\",\"id\":\"CVE-2025-6240\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"c0ec9282-ea44-45d7-9b32-48d87cb37538\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://profisee.com/security/vulnerabilities/detail/\",\"source\":\"c0ec9282-ea44-45d7-9b32-48d87cb37538\"}]}}",
"redhat_vex": {
"current_release_date": "2025-06-23T08:39:43+00:00",
"cve": "CVE-2025-6240",
"id": "CVE-2025-6240",
"initial_release_date": "2025-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "Profisee Path Traversal Vulnerability",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6240.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-6240\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-18T14:58:09.867880Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-18T14:58:12.657Z\"}}], \"cna\": {\"title\": \"Profisee Path Traversal Vulnerability\", \"source\": {\"discovery\": \"USER\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Santeri Siiril\\u00e4\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Mikko Korpi\"}], \"impacts\": [{\"capecId\": \"CAPEC-126\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-126 Path Traversal\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5, \"Automatable\": \"NO\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:H/SI:H/SA:H/AU:N/V:D/RE:M/U:Green\", \"providerUrgency\": \"GREEN\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Profisee\", \"modules\": [\"filesystem\"], \"product\": \"Profisee\", \"versions\": [{\"status\": \"affected\", \"version\": \"2020R1\", \"lessThan\": \"2024R2\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"collectionURL\": \"https://www.profisee.com\", \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Apply the Hotfix for previous versions of the product or update to a version 2025R1 or later\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Apply the Hotfix for previous versions of the product or update to a version 2025R1 or later\", \"base64\": false}]}], \"references\": [{\"url\": \"https://profisee.com/security/vulnerabilities/detail/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.\u003cp\u003eThis issue affects Profisee: from 2020R1 before 2024R2.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"c0ec9282-ea44-45d7-9b32-48d87cb37538\", \"shortName\": \"Profisee\", \"dateUpdated\": \"2025-06-18T14:46:57.742Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-6240\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-18T14:58:20.460Z\", \"dateReserved\": \"2025-06-18T14:44:48.687Z\", \"assignerOrgId\": \"c0ec9282-ea44-45d7-9b32-48d87cb37538\", \"datePublished\": \"2025-06-18T14:46:57.742Z\", \"assignerShortName\": \"Profisee\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…