CVE-2025-32409

HIGH Year: 2025
CVSS v3 Score
8.1
High
Weakness Type
CWE-23
View all →

Vulnerability Description

Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended handling of concurrency.

Related Vulnerabilities

CVE-2018-10615

HIGH
CVSS:8.1(High)

Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform.

CWE-232018

CVE-2019-3943

HIGH
CVSS:8.1(High)

MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox...

CWE-232019

CVE-2021-41242

HIGH
CVSS:8.1(High)

OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a pa...

CWE-232021

CVE-2022-21177

HIGH
CVSS:8.1(High)

There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4....

CWE-232022

CVE-2022-41335

HIGH
CVSS:8.1(High)

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.10, FortiProxy version 7.2.0 through 7.2.1, 7.0.0 through 7.0.7 and...

CWE-232022

CVE-2023-1045

HIGH
CVSS:8.1(High)

A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the...

CWE-232023