KEVIntel
Back to KEVs
7.2
CVSS
High

CVE-2025-27920

PUBLISHED

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in...

Exploited in the wild Remote Low complexity No user interaction
Vendor
Srimax
Product
Output Messenger
Published
May 05, 2025
EPSS
65.2% · 98% pctl

Description

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.

cisa

CVSS scores

CVSS v3.1 7.2 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Exploitation status

Exploited in the wild

Recorded 2025-05-21 13:10:47 UTC · Source

SSVC decision points

Exploitation
active
Automatable
Yes
Technical impact
partial

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE May 21, 2025

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel