Cyber Posture

CVE-2025-0332

High

Published: 12 February 2025

Published
12 February 2025
Modified
03 July 2025
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0019 41.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0332 is a high-severity Path Traversal (CWE-22) vulnerability in Progress Telerik Ui For Winforms. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 41.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the path traversal vulnerability by requiring timely application of vendor patches to Telerik UI for WinForms versions prior to 2025 Q1.

SI-10 Information Input Validation good match
prevent

Enforces validation of archive target paths to block improper path traversal during decompression into restricted directories.

RA-5 Vulnerability Monitoring and Scanning good match
preventdetect

Scans for and identifies vulnerable installations of Telerik UI for WinForms, enabling remediation of this specific CVE.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
attack.mitre.org →
Why these techniques?

Path traversal in archive extraction enables client-side exploitation via a malicious file provided to the user.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.

Deeper analysisAI

CVE-2025-0332 is a path traversal vulnerability (CWE-22) in Progress Telerik UI for WinForms, affecting versions prior to 2025 Q1 (2025.1.211). The issue arises from improper limitation of a target path, which can enable the decompression of an archive's content into a restricted directory. Published on 2025-02-12, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A local attacker can exploit this vulnerability with low attack complexity and no required privileges, but user interaction is necessary. By providing a malicious archive, the attacker can trick a user into decompressing it via the affected component, allowing arbitrary file placement in restricted directories and resulting in high impacts to confidentiality, integrity, and availability.

The Telerik knowledge base advisory at https://docs.telerik.com/devtools/winforms/knowledge-base/kb-security-path-traversal-cve-2025-0332 provides details on the issue, with mitigation achieved by updating to Telerik UI for WinForms 2025 Q1 (2025.1.211) or later.

Details

CWE(s)
CWE-22

Affected Products

progress
telerik ui for winforms
≤ 2025.1.211

CVEs Like This One

CVE-2024-11343Same vendor: Progress
CVE-2025-10284Shared CWE-22
CVE-2026-40157Shared CWE-22
CVE-2026-40027Shared CWE-22
CVE-2026-5656Shared CWE-22
CVE-2026-40491Shared CWE-22
CVE-2026-30853Shared CWE-22
CVE-2026-28373Shared CWE-22
CVE-2025-2449Shared CWE-22
CVE-2026-3518Same vendor: Progress

References