Cyber Posture

CVE-2025-65792

Critical · Public PoC

Published: 10 December 2025

Modified: 17 December 2025
KEV Added
Patch
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0026 (49.3rd percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-65792 is a critical-severity Path Traversal (CWE-22) vulnerability in DataGear. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 49.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent: Requires validation of user inputs to block path traversal sequences that enable arbitrary file deletion in DataGear v5.5.0.

prevent: Establishes processes to identify, prioritize, and remediate flaws like this critical path traversal vulnerability promptly.

prevent: Enforces restrictions on inputs at application boundaries to limit file paths to authorized locations, preventing arbitrary deletions.

MITRE ATT&CK Enterprise Techniques · AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1070.004 · File Deletion · Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.

Why these techniques?

Unauthenticated remote exploitation of a public-facing web application (T1190) enables arbitrary file deletion on the target system (T1070.004), directly impacting integrity and availability.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

DataGear v5.5.0 is vulnerable to Arbitrary File Deletion.

Deeper analysis · AI

CVE-2025-65792 is an arbitrary file deletion vulnerability affecting DataGear version 5.5.0. Classified under CWE-22 (path traversal), it carries a CVSS v3.1 base score of 9.1 (Critical), with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H, indicating no confidentiality impact but high integrity and availability impacts.

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows arbitrary file deletion on the target system, potentially disrupting service availability and compromising data integrity by removing critical files.

For mitigation details, refer to the vendor advisories and references, including the GitHub issue at https://github.com/X3J1n/datagear/issues/1 and the Gist PoC at https://gist.github.com/X3J1n/82b047efdbfd74c414a6d63339ad12fb.

Details

CWE(s)

CWE-22 (Path Traversal)

Affected Products

datagear datagear 5.5.0

CVEs Like This One

CVE-2026-34728 (shared CWE-22)
CVE-2025-14850 (shared CWE-22)
CVE-2025-4828 (shared CWE-22)
CVE-2026-3666 (shared CWE-22)
CVE-2025-14344 (shared CWE-22)
CVE-2026-6832 (shared CWE-22)
CVE-2025-6439 (shared CWE-22)
CVE-2025-2742 (shared CWE-22)
CVE-2026-0704 (shared CWE-22)
CVE-2025-27786 (shared CWE-22)
