Vulnerability-Lookup

FKIE_CVE-2025-14224

Vulnerability from fkie_nvd - Published: 2025-12-08 09:15 - Updated: 2025-12-12 12:34

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

URL	Tags
cna@vuldb.com	https://vuldb.com/?ctiid.334666	Permissions Required, VDB Entry
cna@vuldb.com	https://vuldb.com/?id.334666	Third Party Advisory, VDB Entry
cna@vuldb.com	https://vuldb.com/?submit.701673	Third Party Advisory, VDB Entry
cna@vuldb.com	https://www.notion.so/2b76cf4e528a80f6ae50fe21b13ff0b8	Exploit, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.notion.so/Yottamaster-NAS-Unauth-Operation-2b76cf4e528a80f6ae50fe21b13ff0b8	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
yottamaster	dm2_firmware	*
yottamaster	dm2	-
yottamaster	dm3_firmware	*
yottamaster	dm3	-
yottamaster	dm200_firmware	*
yottamaster	dm200	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:yottamaster:dm2_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E4F17D-9089-4146-A0C0-DA48ADC7C71C",
              "versionEndIncluding": "1.9.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yottamaster:dm2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6172E9-B80A-489C-970F-E0254724132A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:yottamaster:dm3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9A6FCF0-2DCC-4751-96DA-9E026E6A1BDE",
              "versionEndIncluding": "1.9.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yottamaster:dm3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F0D4AB6-5016-4A21-BF67-AA71A973B5D7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:yottamaster:dm200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "078B8015-705B-49C6-822A-4DB1A140A748",
              "versionEndIncluding": "1.2.23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:yottamaster:dm200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B568139C-FF61-4CF2-95B7-718517D0FF46",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
    }
  ],
  "id": "CVE-2025-14224",
  "lastModified": "2025-12-12T12:34:27.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-12-08T09:15:46.273",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.334666"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.334666"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?submit.701673"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.notion.so/2b76cf4e528a80f6ae50fe21b13ff0b8"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.notion.so/Yottamaster-NAS-Unauth-Operation-2b76cf4e528a80f6ae50fe21b13ff0b8"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    }
  ]
}

CVE-2025-14224 (GCVE-0-2025-14224)

Vulnerability from cvelistv5 – Published: 2025-12-08 08:32 – Updated: 2025-12-08 14:03

Title

Yottamaster DM2/DM3/DM200 File Upload path traversal

Summary

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

4.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

CWE

CWE-22 - Path Traversal

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.334666	vdb-entry
	https://vuldb.com/?ctiid.334666	signaturepermissions-required
	https://vuldb.com/?submit.701673	third-party-advisory
	https://www.notion.so/2b76cf4e528a80f6ae50fe21b13ff0b8	exploit

Impacted products

Vendor

Product

Version

Yottamaster

DM2

Affected: 1.2.0
Affected: 1.2.1
Affected: 1.2.2
Affected: 1.2.3
Affected: 1.2.4
Affected: 1.2.5
Affected: 1.2.6
Affected: 1.2.7
Affected: 1.2.8
Affected: 1.2.9
Affected: 1.2.10
Affected: 1.2.11
Affected: 1.2.12
Affected: 1.2.13
Affected: 1.2.14
Affected: 1.2.15
Affected: 1.2.16
Affected: 1.2.17
Affected: 1.2.18
Affected: 1.2.19
Affected: 1.2.20
Affected: 1.2.21
Affected: 1.2.22
Affected: 1.2.23
Affected: 1.9.0
Affected: 1.9.1
Affected: 1.9.2
Affected: 1.9.3
Affected: 1.9.4
Affected: 1.9.5
Affected: 1.9.6
Affected: 1.9.7
Affected: 1.9.8
Affected: 1.9.9
Affected: 1.9.10
Affected: 1.9.11
Affected: 1.9.12

	Yottamaster	DM3	Affected: 1.2.0 Affected: 1.2.1 Affected: 1.2.2 Affected: 1.2.3 Affected: 1.2.4 Affected: 1.2.5 Affected: 1.2.6 Affected: 1.2.7 Affected: 1.2.8 Affected: 1.2.9 Affected: 1.2.10 Affected: 1.2.11 Affected: 1.2.12 Affected: 1.2.13 Affected: 1.2.14 Affected: 1.2.15 Affected: 1.2.16 Affected: 1.2.17 Affected: 1.2.18 Affected: 1.2.19 Affected: 1.2.20 Affected: 1.2.21 Affected: 1.2.22 Affected: 1.2.23 Affected: 1.9.0 Affected: 1.9.1 Affected: 1.9.2 Affected: 1.9.3 Affected: 1.9.4 Affected: 1.9.5 Affected: 1.9.6 Affected: 1.9.7 Affected: 1.9.8 Affected: 1.9.9 Affected: 1.9.10 Affected: 1.9.11 Affected: 1.9.12
	Yottamaster	DM200	Affected: 1.2.0 Affected: 1.2.1 Affected: 1.2.2 Affected: 1.2.3 Affected: 1.2.4 Affected: 1.2.5 Affected: 1.2.6 Affected: 1.2.7 Affected: 1.2.8 Affected: 1.2.9 Affected: 1.2.10 Affected: 1.2.11 Affected: 1.2.12 Affected: 1.2.13 Affected: 1.2.14 Affected: 1.2.15 Affected: 1.2.16 Affected: 1.2.17 Affected: 1.2.18 Affected: 1.2.19 Affected: 1.2.20 Affected: 1.2.21 Affected: 1.2.22 Affected: 1.2.23 Affected: 1.9.0 Affected: 1.9.1 Affected: 1.9.2 Affected: 1.9.3 Affected: 1.9.4 Affected: 1.9.5 Affected: 1.9.6 Affected: 1.9.7 Affected: 1.9.8 Affected: 1.9.9 Affected: 1.9.10 Affected: 1.9.11 Affected: 1.9.12

Credits

rgyue (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-14224",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-08T14:03:09.371169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-08T14:03:14.943Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.notion.so/Yottamaster-NAS-Unauth-Operation-2b76cf4e528a80f6ae50fe21b13ff0b8"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "File Upload"
          ],
          "product": "DM2",
          "vendor": "Yottamaster",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "status": "affected",
              "version": "1.2.1"
            },
            {
              "status": "affected",
              "version": "1.2.2"
            },
            {
              "status": "affected",
              "version": "1.2.3"
            },
            {
              "status": "affected",
              "version": "1.2.4"
            },
            {
              "status": "affected",
              "version": "1.2.5"
            },
            {
              "status": "affected",
              "version": "1.2.6"
            },
            {
              "status": "affected",
              "version": "1.2.7"
            },
            {
              "status": "affected",
              "version": "1.2.8"
            },
            {
              "status": "affected",
              "version": "1.2.9"
            },
            {
              "status": "affected",
              "version": "1.2.10"
            },
            {
              "status": "affected",
              "version": "1.2.11"
            },
            {
              "status": "affected",
              "version": "1.2.12"
            },
            {
              "status": "affected",
              "version": "1.2.13"
            },
            {
              "status": "affected",
              "version": "1.2.14"
            },
            {
              "status": "affected",
              "version": "1.2.15"
            },
            {
              "status": "affected",
              "version": "1.2.16"
            },
            {
              "status": "affected",
              "version": "1.2.17"
            },
            {
              "status": "affected",
              "version": "1.2.18"
            },
            {
              "status": "affected",
              "version": "1.2.19"
            },
            {
              "status": "affected",
              "version": "1.2.20"
            },
            {
              "status": "affected",
              "version": "1.2.21"
            },
            {
              "status": "affected",
              "version": "1.2.22"
            },
            {
              "status": "affected",
              "version": "1.2.23"
            },
            {
              "status": "affected",
              "version": "1.9.0"
            },
            {
              "status": "affected",
              "version": "1.9.1"
            },
            {
              "status": "affected",
              "version": "1.9.2"
            },
            {
              "status": "affected",
              "version": "1.9.3"
            },
            {
              "status": "affected",
              "version": "1.9.4"
            },
            {
              "status": "affected",
              "version": "1.9.5"
            },
            {
              "status": "affected",
              "version": "1.9.6"
            },
            {
              "status": "affected",
              "version": "1.9.7"
            },
            {
              "status": "affected",
              "version": "1.9.8"
            },
            {
              "status": "affected",
              "version": "1.9.9"
            },
            {
              "status": "affected",
              "version": "1.9.10"
            },
            {
              "status": "affected",
              "version": "1.9.11"
            },
            {
              "status": "affected",
              "version": "1.9.12"
            }
          ]
        },
        {
          "modules": [
            "File Upload"
          ],
          "product": "DM3",
          "vendor": "Yottamaster",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "status": "affected",
              "version": "1.2.1"
            },
            {
              "status": "affected",
              "version": "1.2.2"
            },
            {
              "status": "affected",
              "version": "1.2.3"
            },
            {
              "status": "affected",
              "version": "1.2.4"
            },
            {
              "status": "affected",
              "version": "1.2.5"
            },
            {
              "status": "affected",
              "version": "1.2.6"
            },
            {
              "status": "affected",
              "version": "1.2.7"
            },
            {
              "status": "affected",
              "version": "1.2.8"
            },
            {
              "status": "affected",
              "version": "1.2.9"
            },
            {
              "status": "affected",
              "version": "1.2.10"
            },
            {
              "status": "affected",
              "version": "1.2.11"
            },
            {
              "status": "affected",
              "version": "1.2.12"
            },
            {
              "status": "affected",
              "version": "1.2.13"
            },
            {
              "status": "affected",
              "version": "1.2.14"
            },
            {
              "status": "affected",
              "version": "1.2.15"
            },
            {
              "status": "affected",
              "version": "1.2.16"
            },
            {
              "status": "affected",
              "version": "1.2.17"
            },
            {
              "status": "affected",
              "version": "1.2.18"
            },
            {
              "status": "affected",
              "version": "1.2.19"
            },
            {
              "status": "affected",
              "version": "1.2.20"
            },
            {
              "status": "affected",
              "version": "1.2.21"
            },
            {
              "status": "affected",
              "version": "1.2.22"
            },
            {
              "status": "affected",
              "version": "1.2.23"
            },
            {
              "status": "affected",
              "version": "1.9.0"
            },
            {
              "status": "affected",
              "version": "1.9.1"
            },
            {
              "status": "affected",
              "version": "1.9.2"
            },
            {
              "status": "affected",
              "version": "1.9.3"
            },
            {
              "status": "affected",
              "version": "1.9.4"
            },
            {
              "status": "affected",
              "version": "1.9.5"
            },
            {
              "status": "affected",
              "version": "1.9.6"
            },
            {
              "status": "affected",
              "version": "1.9.7"
            },
            {
              "status": "affected",
              "version": "1.9.8"
            },
            {
              "status": "affected",
              "version": "1.9.9"
            },
            {
              "status": "affected",
              "version": "1.9.10"
            },
            {
              "status": "affected",
              "version": "1.9.11"
            },
            {
              "status": "affected",
              "version": "1.9.12"
            }
          ]
        },
        {
          "modules": [
            "File Upload"
          ],
          "product": "DM200",
          "vendor": "Yottamaster",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.0"
            },
            {
              "status": "affected",
              "version": "1.2.1"
            },
            {
              "status": "affected",
              "version": "1.2.2"
            },
            {
              "status": "affected",
              "version": "1.2.3"
            },
            {
              "status": "affected",
              "version": "1.2.4"
            },
            {
              "status": "affected",
              "version": "1.2.5"
            },
            {
              "status": "affected",
              "version": "1.2.6"
            },
            {
              "status": "affected",
              "version": "1.2.7"
            },
            {
              "status": "affected",
              "version": "1.2.8"
            },
            {
              "status": "affected",
              "version": "1.2.9"
            },
            {
              "status": "affected",
              "version": "1.2.10"
            },
            {
              "status": "affected",
              "version": "1.2.11"
            },
            {
              "status": "affected",
              "version": "1.2.12"
            },
            {
              "status": "affected",
              "version": "1.2.13"
            },
            {
              "status": "affected",
              "version": "1.2.14"
            },
            {
              "status": "affected",
              "version": "1.2.15"
            },
            {
              "status": "affected",
              "version": "1.2.16"
            },
            {
              "status": "affected",
              "version": "1.2.17"
            },
            {
              "status": "affected",
              "version": "1.2.18"
            },
            {
              "status": "affected",
              "version": "1.2.19"
            },
            {
              "status": "affected",
              "version": "1.2.20"
            },
            {
              "status": "affected",
              "version": "1.2.21"
            },
            {
              "status": "affected",
              "version": "1.2.22"
            },
            {
              "status": "affected",
              "version": "1.2.23"
            },
            {
              "status": "affected",
              "version": "1.9.0"
            },
            {
              "status": "affected",
              "version": "1.9.1"
            },
            {
              "status": "affected",
              "version": "1.9.2"
            },
            {
              "status": "affected",
              "version": "1.9.3"
            },
            {
              "status": "affected",
              "version": "1.9.4"
            },
            {
              "status": "affected",
              "version": "1.9.5"
            },
            {
              "status": "affected",
              "version": "1.9.6"
            },
            {
              "status": "affected",
              "version": "1.9.7"
            },
            {
              "status": "affected",
              "version": "1.9.8"
            },
            {
              "status": "affected",
              "version": "1.9.9"
            },
            {
              "status": "affected",
              "version": "1.9.10"
            },
            {
              "status": "affected",
              "version": "1.9.11"
            },
            {
              "status": "affected",
              "version": "1.9.12"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "rgyue (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-08T08:32:06.058Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-334666 | Yottamaster DM2/DM3/DM200 File Upload path traversal",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.334666"
        },
        {
          "name": "VDB-334666 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.334666"
        },
        {
          "name": "Submit #701673 | Yottamaster DM200 V1.2.23 Vertical Privilege Escalation",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.701673"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://www.notion.so/2b76cf4e528a80f6ae50fe21b13ff0b8"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-07T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-12-07T16:41:04.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Yottamaster DM2/DM3/DM200 File Upload path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-14224",
    "datePublished": "2025-12-08T08:32:06.058Z",
    "dateReserved": "2025-12-07T15:35:49.584Z",
    "dateUpdated": "2025-12-08T14:03:14.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2025-14224

CVE-2025-14224 (GCVE-0-2025-14224)

Tags

Sightings

Nomenclature