SecuriTricks - CVE-2025-65287

Description

An unauthenticated directory traversal vulnerability in cgi-bin/upload.cgi in SNMP Web Pro 1.1 allows a remote attacker to read arbitrary files. The CGI concatenates the user-supplied params directly onto the base path (/var/www/files/userScript/) using memcpy + strcat without validation or canonicalization, enabling ../ sequences to escape the intended directory. The download branch also echoes the unsanitized params into Content-Disposition, introducing header-injection risk.

Product(s) Impacted

Vendor	Product	Versions
Cdpenergy	Snmp Web Pro Firmware Snmp Web Pro	1.1 -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	cdpenergy	snmp_web_pro_firmware	1.1	/	/	/	/	/	/	/
h	cdpenergy	snmp_web_pro	-	/	/	/	/	/	/	/

References

https://damiri.fr/en/cve/CVE-2025-65287

CVSS Score

4.3 / 10

CVSS Data - 3.1

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

View Vector String

Timeline

Published: Dec. 9, 2025, 4:18 p.m.
Last Modified: Dec. 15, 2025, 8:15 p.m.

Status : Modified

CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.

More info

Source

cve@mitre.org

CVE-2025-65287