CVE-2025-3718 PUBLISHED

Client-side path traversal in Guardian/CMC before 25.2.0

Assigner: Nozomi
Reserved: 16.04.2025 Published: 07.10.2025 Updated: 07.10.2025

A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scripting (XSS) attack.

CVSS Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:L/VI:H/VA:H/SC:L/SI:L/SA:L
CVSS Score: 5.8

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	Low	Confidentiality	Low
Attack Complexity	High	Integrity	High	Integrity	Low
Attack Requirements	None	Availability	High	Availability	Low
Privileges Required	Low
User Interaction	Active

CVSS 4.0

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:H
CVSS Score: 7.9

Attack Vector	Network	Scope	Changed
Attack Complexity	High	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	High
User Interaction	Required	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Nozomi Networks
Product	Guardian
Versions	Default: unaffected affected from 0 to 25.2.0 (excl.)

Vendor	Nozomi Networks
Product	CMC
Versions	Default: unaffected affected from 0 to 25.2.0 (excl.)

Workarounds

Apply care when opening untrusted links or visiting external websites while an authenticated session to the web management interface is established.

Solutions

Upgrade to v25.2.0 or later.

Credits

This issue was found by Stefano Libero and Andrea Palanca of Nozomi Networks Product Security team during an internal investigation. finder

References

https://security.nozominetworks.com/NN-2025:4-01

Problem Types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE

Impacts

CAPEC-63 Cross-Site Scripting (XSS)