Galaxy Software Services｜Vitals ESP – Arbitrary File Read_CVE-2025-14253

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

Basic Information

ID CVE-2025-14253

Source twcert

Published Dec 8, 2025 at 07:38

Affected Product

Vendor Galaxy Software Services

Product Vitals ESP

Affected Versions Galaxy Software Services Vitals ESP 0

CWE Classification

CWE-36

References

{
    "lastseen": "",
    "description": "Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.",
    "published": "2025-12-08T07:38:09.479Z",
    "modified": "2025-12-08T07:38:09.479Z",
    "type": "cve",
    "title": "Galaxy Software Services\uff5cVitals ESP - Arbitrary File Read",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10542-4c682-1.html\nhttps://www.twcert.org.tw/en/cp-139-10543-380bd-2.html",
    "id": "CVE-2025-14253",
    "bulletinFamily": "",
    "cwe": [
        "CWE-36"
    ],
    "cvelist": null,
    "sourceData": "Galaxy Software Services Vitals ESP 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vitals ESP",
    "version": "0",
    "vendor": "Galaxy Software Services",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}