Arbitrary File Read and Delete via Path Traversal in WaveStore...

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Description

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete any file on the server using path traversal in the ilog script. This script is being run with root privileges.

This issue was fixed in version 6.44.44

AI Analysis

Arbitrary file read and delete vulnerability via path traversal in WaveStore Server

Basic Information

ID CVE-2025-65076

Source CERT-PL

Published Dec 16, 2025 at 12:25

Affected Product

Vendor WaveStore

Product WaveStore Server

Affected Versions WaveStore WaveStore Server 0

CWE Classification

CWE-22

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor WaveStore

Product WaveStore Server

Version < 6.44.44

References

{
    "lastseen": "",
    "description": "WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete any file on the server using path traversal in the ilog script. This script is being run with root privileges.\n\nThis issue was fixed in version 6.44.44",
    "published": "2025-12-16T12:25:24.801Z",
    "modified": "2025-12-16T12:25:24.801Z",
    "type": "cve",
    "title": "Arbitrary File Read and Delete via Path Traversal in WaveStore Server",
    "source": "CERT-PL",
    "references": "https://cert.pl/en/posts/2025/12/CVE-2025-65074\nhttps://www.wavestore.com/products/video-management-software",
    "id": "CVE-2025-65076",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "WaveStore WaveStore Server 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WaveStore Server",
    "version": "0",
    "vendor": "WaveStore",
    "ai_description": "Arbitrary file read and delete vulnerability via path traversal in WaveStore Server",
    "ai_severity": "High",
    "ai_vendor": "WaveStore",
    "ai_product": "WaveStore Server",
    "ai_version": "< 6.44.44",
    "ai_score": 8.6
}

Arbitrary File Read and Delete via Path Traversal in WaveStore Server_CVE-2025-65076