Cyber Resilience

CVE-2025-41723

Critical

Published: 22 October 2025

Published
22 October 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0018 38.8th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-41723 is a critical-severity Path Traversal: '.../...//' (CWE-35) vulnerability in Certvde (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 38.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-41723 is a directory traversal vulnerability in the importFile SOAP method, enabling an unauthenticated remote attacker to bypass path restrictions and upload files to arbitrary locations on the affected system. Published on 2025-10-22 with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), it is associated with CWE-35 (Path Traversal).

An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows arbitrary file uploads, potentially leading to high confidentiality, integrity, and availability impacts, such as overwriting critical files or deploying malicious payloads.

For mitigation details, refer to the vendor advisory at https://sauter.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-060.json.

EU & UK References

Vulnerability details

The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a directory traversal in a public-facing SOAP web service (importFile method), enabling unauthenticated remote arbitrary file uploads, which directly maps to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24685Shared CWE-35
CVE-2025-42937Shared CWE-35
CVE-2026-25397Shared CWE-35
CVE-2025-25122Shared CWE-35
CVE-2024-49249Shared CWE-35
CVE-2025-59793Shared CWE-35
CVE-2025-67914Shared CWE-35
CVE-2026-7302Shared CWE-35
CVE-2026-25705Shared CWE-35
CVE-2025-26354Shared CWE-35

Affected Assets

Certvde
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates directory traversal in the importFile SOAP method by validating file path inputs to block bypass of path restrictions and prevent arbitrary file uploads.

prevent

Limits permitted actions without authentication, preventing unauthenticated remote attackers from accessing and exploiting the vulnerable importFile SOAP method.

prevent

Enforces approved authorizations for access to system resources, blocking file writes to arbitrary locations even if path traversal inputs are processed.

References