How severe is CVE-2025-43716?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.8 out of 10.

What type of vulnerability is CVE-2025-43716?

This is classified as CWE-180, which is a common weakness in software security.

CVE-2025-43716

MEDIUM Year: 2025

CVSS v3 Score

5.8

Medium

Weakness Type

CWE-180

View all →

Vulnerability Description

A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the /client/index.php endpoint, an attacker can bypass access controls and gain unauthorized access to various endpoints such as /client/index.php%3F.php/gsb/firewall.php within the management web panel, potentially exposing sensitive device information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2022-26136

CRITICAL

CVSS:9.8(Critical)

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by e...

CWE-1802022

CVE-2022-26137

HIGH

CVSS:8.8(High)

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassi...

CWE-1802022

CVE-2024-28607

LOW

CVSS:2.9(Low)

The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via a falsy isPrivate return value.

CWE-1802024

CVE-2025-43716

Vulnerability Description

Related Vulnerabilities

CVE-2022-26136

CVE-2022-26137

CVE-2024-28607