CVE-2025-1035
Published: 18 February 2025
Summary
CVE-2025-1035 is a medium-severity Path Traversal (CWE-22) vulnerability in Klogserver (inferred from references). Its CVSS base score is 5.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 1.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly addresses the path traversal vulnerability by requiring validation of web inputs to file system calls to prevent directory boundary traversal.
- SI-2 (Flaw Remediation): Mitigates the vulnerability through timely identification, reporting, and correction of the specific flaw fixed in KLog Server 3.1.1.
- Enforces access restrictions to limit unauthorized reading of sensitive files outside intended directories even if input validation fails.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal (CWE-22) directly enables unauthorized reading of arbitrary local files, facilitating Data from Local System and access to Credentials In Files.
NVD Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Komtera Technologies KLog Server allows Manipulating Web Input to File System Calls. This issue affects KLog Server: before 3.1.1.
Deeper analysis
CVE-2025-1035 is an Improper Limitation of a Pathname to a Restricted Directory vulnerability, classified under CWE-22 (Path Traversal), affecting Komtera Technologies KLog Server versions prior to 3.1.1. The flaw arises from insufficient validation of web inputs passed to file system calls, enabling attackers to traverse directory boundaries and access files outside intended paths. Published on 2025-02-18 with a CVSS v3.1 base score of 5.7 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), it poses a moderate risk primarily due to its high confidentiality impact.
Exploitation requires an attacker to have low privileges (PR:L) and access to the adjacent network (AV:A), with low attack complexity and no user interaction needed. Successful attacks allow unauthorized reading of sensitive files (high confidentiality impact) but do not enable modification or denial of service.
Mitigation is addressed in KLog Server version 3.1.1, as detailed in the vendor's release notes at https://www.klogserver.com/surum-notlari/3-1-1/. Additional guidance is provided in the USOM advisory at https://www.usom.gov.tr/bildirim/tr-25-0037, recommending immediate updates for affected systems.
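The input-validation control (SI-10) named above, shown as an added example in Python that is not KLog Server's code and not part of the original advisory: a web-supplied file name is resolved against the served directory and rejected when it escapes that directory, whether by literal or URL-encoded `..`, by an absolute path, or by a symlink inside the directory that points outside it. All file and directory names are constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote

# Added illustration of the input-validation control (SI-10) for CWE-22:
# generic Python, not KLog Server's code; all file names are constructed.

def resolve_within(base_dir: str, requested: str) -> str:
    """Map a web-supplied file name onto base_dir or raise ValueError."""
    base = os.path.realpath(base_dir)
    # Decode once (the check must see what the OS will see), then strip
    # leading separators so an absolute request cannot replace base_dir.
    cleaned = unquote(requested).lstrip("/\\")
    # realpath resolves '..' and symlinks, so a link pointing outside the
    # directory is caught as well as a literal traversal.
    candidate = os.path.realpath(os.path.join(base, cleaned))
    # commonpath, not startswith: /srv/logs2 is not a child of /srv/logs.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"request escapes base directory: {requested!r}")
    return candidate

def read_log(base_dir: str, requested: str) -> bytes:
    """The file-system call sits behind the validation, never before it."""
    with open(resolve_within(base_dir, requested), "rb") as fh:
        return fh.read()

def demo():
    """Build a constructed tree, classify sample requests; returns
    (base_dir, {request: "allowed" | "rejected"})."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "logs")
    os.makedirs(base)
    with open(os.path.join(base, "app.log"), "w") as fh:
        fh.write("constructed sample log line\n")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("outside the served directory\n")
    # A symlink inside the served directory that points outside it.
    os.symlink(os.path.join(root, "secret.txt"), os.path.join(base, "link.log"))
    probes = ["app.log", "sub/../app.log", "/app.log",
              "../secret.txt", "..%2Fsecret.txt", "link.log"]
    verdicts = {}
    for req in probes:
        try:
            resolve_within(base, req)
            verdicts[req] = "allowed"
        except ValueError:
            verdicts[req] = "rejected"
    return base, verdicts
```

Frameworks usually URL-decode once before the handler runs; if yours does, drop the `unquote` so the check is not applied to an already-decoded value a second time.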
Details
- CWE(s): CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, 'Path Traversal')