CVE-2025-41714

High

Published: 10 September 2025

Published

10 September 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0090 75.8th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-41714 is a high-severity Path Traversal (CWE-22) vulnerability in Certvde (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 24.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly requires validation of the 'Upload-Key' request header to block path traversal sequences and confine uploads to intended storage.

SI-9 Information Input Restrictions good match

prevent

Enforces restrictions on 'Upload-Key' inputs such as allowed characters and patterns to prevent traversal payloads like '../'.

AC-3 Access Enforcement partial match

prevent

Mandates enforcement of access controls to restrict file creation and writes to authorized storage locations only.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1105 Ingress Tool Transfer Command And Control

Adversaries may transfer tools or other files from an external system into a compromised environment.

attack.mitre.org →

T1505.003 Web Shell Persistence

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

attack.mitre.org →

Why these techniques?

Path traversal in public upload endpoint directly enables remote exploitation of server app (T1190) and arbitrary file writes for tool ingress (T1105) or web shell deployment (T1505.003) leading to RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write and may…

be leveraged to achieve remote code execution.

Deeper analysisAI

CVE-2025-41714 is a path traversal vulnerability (CWE-22) affecting the upload endpoint in an unspecified server component. The endpoint fails to sufficiently validate the 'Upload-Key' request header, enabling attackers to inject path traversal sequences. This causes the server to create upload-related artifacts outside the intended storage location. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-09-10.

An authenticated attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction required. Successful exploitation allows the creation of files outside designated storage areas. In certain configurations, this escalates to arbitrary file writes, which may be further leveraged to achieve remote code execution.

Mitigation details are available in the advisory published by CERT VDE at https://certvde.com/de/advisories/VDE-2025-085.