216.73.217.86

CVE-2025-40898

· Published 18/12/2025 14:15 · Modified 18/12/2025 15:07

Labels: CVE-2025-40898 2025-12-18CVE-2025-40898[email protected]

Essential information

Published
18/12/2025 14:15
Modified
18/12/2025 15:07
Author
Creator
CVSS
7.2 HIGH (v3) 7.2 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability.

NVD status

Status
Undergoing Analysis — CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
Source
[email protected]
NVD
View on NVD

References