Cyber Resilience

CVE-2025-41714

High

Published: 10 September 2025

Published
10 September 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0119 79.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-41714 is a high-severity Path Traversal (CWE-22) vulnerability in Certvde (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 20.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).

Deeper analysis

The vulnerability CVE-2025-41714 is a path traversal flaw (CWE-22) in an upload endpoint that fails to properly validate the Upload-Key request header. An authenticated attacker can supply traversal sequences that cause upload-related artifacts to be written outside the intended storage directory. In certain configurations this can result in arbitrary file write and may be escalated to remote code execution. The issue carries a CVSS 3.1 base score of 8.8.

An authenticated remote attacker can exploit the weakness over the network without user interaction by crafting malicious Upload-Key headers. Successful exploitation grants the ability to place files in arbitrary locations on the server, potentially leading to full compromise of confidentiality, integrity, and availability.

The sole referenced advisory is VDE-2025-085 published by CERT@VDE; it contains the authoritative guidance on affected products and any available mitigations or patches.

EPSS remains flat at 0.0119 with no material increase since disclosure.

EU & UK References

Vulnerability details

The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write and may…

more

be leveraged to achieve remote code execution.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1105 Ingress Tool Transfer Command And Control
Adversaries may transfer tools or other files from an external system into a compromised environment.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Path traversal in public upload endpoint directly enables remote exploitation of server app (T1190) and arbitrary file writes for tool ingress (T1105) or web shell deployment (T1505.003) leading to RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-7411Shared CWE-22
CVE-2026-36767Shared CWE-22
CVE-2026-5027Shared CWE-22
CVE-2025-2707Shared CWE-22
CVE-2025-2363Shared CWE-22
CVE-2025-1661Shared CWE-22
CVE-2026-33529Shared CWE-22
CVE-2026-9550Shared CWE-22
CVE-2024-44373Shared CWE-22
CVE-2019-25471Shared CWE-22

Affected Assets

Certvde
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of the 'Upload-Key' request header to block path traversal sequences and confine uploads to intended storage.

prevent

Enforces restrictions on 'Upload-Key' inputs such as allowed characters and patterns to prevent traversal payloads like '../'.

prevent

Mandates enforcement of access controls to restrict file creation and writes to authorized storage locations only.

References