CVE-2025-14704
Published: 15 December 2025
Summary
CVE-2025-14704 is a high-severity Path Traversal (CWE-22) vulnerability in Sgwbox N3 Firmware. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 48.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates path traversal vulnerability by requiring validation of API inputs in /eshell to reject malicious path sequences like '../'.
Boundary protection at external interfaces protects the publicly accessible API endpoint from remote unauthenticated path traversal attacks via inspection and filtering.
Least privilege limits the file system access of the vulnerable API component, reducing the impact of successful directory traversal exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in unauthenticated public-facing API (/eshell) enables exploitation of public-facing application (T1190), arbitrary file reads for data from local system (T1005), and direct volume access bypassing restrictions (T1006) as mapped by advisory; also facilitates arbitrary writes.
NVD Description
A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulation results in path traversal. It is possible to launch the attack remotely. The exploit…
more
has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-14704 is a path traversal vulnerability (CWE-22) in Shiguangwu sgwbox N3 version 2.0.25. The issue affects an unknown function in the /eshell file of the API component, allowing manipulation that enables directory traversal attacks.
The vulnerability carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), meaning it can be exploited remotely by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation results in low-level impacts on confidentiality, integrity, and availability, such as unauthorized file access, modification, or disruption via path traversal.
Advisories from VulDB indicate the vendor was contacted early about the disclosure but provided no response, and no patches or mitigations are referenced. The exploit has been made public, increasing the risk of active use. Additional details appear in VulDB entries (ctiid.336421, id.336421, submit.706915) and a Notion page on sgwbox NAS N3 directory traversal. The CVE was published on 2025-12-15.
Details
- CWE(s)