How severe is CVE-2025-27615?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2025-27615?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2025-27615 - HIGH Severity | CVSS 8.2

Vulnerability Description

umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit 5d81a3412bc0051754a3095d89a06d6d743f2b16 uses `127.0.0.1:8080:8080` to limit access to the local network. For those who are unable to use this proposed patch, a firewall on Port 8080 may block remote access, but the workaround may not be perfect because Docker may also bypass a firewall by its iptable based rules for port forwarding.

Related Vulnerabilities

CVE-2018-9275

HIGH

CVSS:8.2(High)

In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosur...

CWE-2002018

CVE-2019-4437

HIGH

CVSS:8.2(High)

IBM API Connect 2018.1 through 2018.4.1.6 may inadvertently leak sensitive details about internal servers and network via API swagger. IBM X-force ID: 162947.

CWE-2002019

CVE-2020-4927

HIGH

CVSS:8.2(High)

A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: ...

CWE-2002020

CVE-2022-1774

HIGH

CVSS:8.2(High)

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.

CWE-2002022

CVE-2022-31112

HIGH

CVSS:8.2(High)

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions parse Server LiveQuery does not remove protected fields in classes, passing...

CWE-2002022

CVE-2022-39258

HIGH

CVSS:8.2(High)

mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attac...

CWE-2002022