How severe is CVE-2025-44021?

This vulnerability has a severity rating of LOW with a CVSS score of 2.8 out of 10.

What type of vulnerability is CVE-2025-44021?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2025-44021 - LOW Severity | CVSS 2.8

Vulnerability Description

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned as a node owner can provide a path to any local file (readable by ironic-conductor), which may then be written to the target node disk. This is difficult to exploit in practice, because a node deployed in this manner should never reach the ACTIVE state, but it still represents a danger in environments running with non-default, insecure configurations such as with automated cleaning disabled. The fixed versions are 24.1.3, 26.1.1, and 29.0.1.

Related Vulnerabilities

CVE-2023-25186

LOW

CVSS:2.8(Low)

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. If/when CSP (as a BTS administrator) removes security hardenings from a Nokia Single RAN BTS baseband unit, a directory p...

CWE-222023

CVE-2023-41825

LOW

CVSS:2.8(Low)

A path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local files.

CWE-222023

CVE-2016-1212

LOW

CVSS:2.7(Low)

Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors.

CWE-222016

CVE-2016-3972

LOW

CVSS:2.7(Low)

Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.

CWE-222016

CVE-2018-16237

LOW

CVSS:2.7(Low)

An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI.

CWE-222018

CVE-2019-9889

LOW

CVSS:2.7(Low)

In Vanilla before 2.6.4, a flaw exists within the getSingleIndex function of the AddonManager class. The issue results in a require call using a crafted type value, leading to Directory Traversal with...

CWE-222019