CVE-2023-7327
Published: 12 November 2025
Summary
CVE-2023-7327 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 8.7 (High).
Operationally, it ranks in the top 4.8% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability tracked as CVE-2023-7327 and assigned CWE-22. The flaw permits URL-encoded directory traversal sequences in requests to the gateway, enabling an attacker to retrieve arbitrary files from the underlying filesystem using the service account privileges and resulting in exposure of sensitive information. The vulnerability carries a CVSS 4.0 score of 8.7 reflecting network attack vector, low complexity, and no required authentication or user interaction.
An unauthenticated remote attacker can exploit the issue by submitting crafted HTTP requests containing traversal sequences to read configuration files, credentials, or other sensitive data stored on the host. Successful exploitation yields direct disclosure of information without needing prior access or elevated privileges on the target system. The current EPSS score of 0.1764 shows no material increase from its recorded peak.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-60056
Vulnerability details
Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service, leading to disclosure of sensitive information.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.
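The control above, sketched as an added example (not code from Ozeki or from this page): the requested path is percent-decoded until it stops changing, normalized, and only then tested for containment, so encoded sequences are validated in their decoded form. The web root, function names and sample paths are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5  # assumption: deeper nesting of encodings is refused


class TraversalError(ValueError):
    """Raised when a requested path cannot be shown to stay inside the root."""


def fully_decode(raw: str) -> str:
    """Percent-decode until the value is stable (covers %252e%252e and similar)."""
    current = raw
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(current)
        if decoded == current:
            return current
        current = decoded
    raise TraversalError("too many layers of percent-encoding")


def resolve_under_root(root: str, requested: str) -> str:
    """Return the normalized path for `requested`, guaranteed to sit under `root`."""
    path = fully_decode(requested)
    if "\x00" in path:
        raise TraversalError("NUL byte in path")
    # Treat backslashes as separators so Windows-style sequences normalize too.
    path = path.replace("\\", "/")
    # Refuse drive-qualified input, which a Windows file API would treat as absolute.
    if len(path) > 1 and path[1] == ":":
        raise TraversalError("drive-qualified path")
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    if candidate != root and not candidate.startswith(root.rstrip("/") + "/"):
        raise TraversalError(f"escapes root: {requested!r}")
    return candidate


def is_allowed(root: str, requested: str) -> bool:
    """Boolean wrapper around resolve_under_root for use in request filters."""
    try:
        resolve_under_root(root, requested)
        return True
    except TraversalError:
        return False
```

The check is lexical only; a server that follows symbolic links should also compare the real path (for example via `os.path.realpath`) against the root before opening the file.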