Cyber Resilience

CVE-2025-65792

Critical · Public PoC

Published: 10 December 2025

Modified: 17 December 2025
CVSS Score v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0029 (52.7th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-65792 is a critical-severity Path Traversal (CWE-22) vulnerability in DataGear. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 47.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-65792 is an arbitrary file deletion vulnerability affecting DataGear version 5.5.0. Classified under CWE-22 (path traversal), it carries a CVSS v3.1 base score of 9.1 (Critical), with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H, indicating no confidentiality impact but high integrity and availability impacts.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows arbitrary file deletion on the target system, potentially disrupting service availability and compromising data integrity by removing critical files.

For mitigation details, refer to the vendor advisories and references, including the GitHub issue at https://github.com/X3J1n/datagear/issues/1 and the Gist PoC at https://gist.github.com/X3J1n/82b047efdbfd74c414a6d63339ad12fb.

Vulnerability details

DataGear v5.5.0 is vulnerable to Arbitrary File Deletion.

CWE(s)

CWE-22 (Path Traversal)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1070.004 · File Deletion · Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.

Why these techniques?

Unauthenticated remote exploitation of a public-facing web application (T1190) enables arbitrary file deletion on the target system (T1070.004), directly impacting integrity and availability.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-3666 · Shared CWE-22
CVE-2018-25308 · Shared CWE-22
CVE-2026-22460 · Shared CWE-22
CVE-2025-69377 · Shared CWE-22
CVE-2025-14850 · Shared CWE-22
CVE-2025-26752 · Shared CWE-22
CVE-2026-4350 · Shared CWE-22
CVE-2026-4758 · Shared CWE-22
CVE-2026-0704 · Shared CWE-22
CVE-2025-66251 · Shared CWE-22

Affected Assets

Vendor: datagear · Product: datagear · Version: 5.5.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Requires validation of user inputs to block path traversal sequences that enable arbitrary file deletion in DataGear v5.5.0.

Prevent: Establishes processes to identify, prioritize, and remediate flaws like this critical path traversal vulnerability promptly.

Prevent: Enforces restrictions on inputs at application boundaries to limit file paths to authorized locations, preventing arbitrary deletions.

References