
CVE-2025-68916

Severity: Critical · Public PoC available

Published: 24 December 2025

Modified: 02 January 2026
KEV added: not listed
CVSS v3.1 score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.0225 (80.6th percentile)
Risk priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-68916 is a critical-severity Path Traversal: '/../filedir' (CWE-25) vulnerability in Riello UPS NetMan 208. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 19.4% of all CVEs by exploit likelihood (EPSS), it is not currently listed in the CISA KEV catalog, and a public proof of concept is referenced.

The strongest mitigations identified in this analysis are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-68916 is a directory traversal vulnerability in the Riello UPS NetMan 208 Application in versions before 1.12. The flaw resides in the cgi-bin/certsupload.cgi endpoint, which accepts /../ sequences in the supplied file path during certificate uploads. Because the path is not confined to the intended upload directory, an uploaded file can be written to an arbitrary location on the device, which in turn leads to remote code execution. It is classified under CWE-25 (Path Traversal: '/../filedir') and CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), with a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).

The vulnerability is reachable over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), but it requires a privileged account (PR:H): an attacker must already be authenticated to the NetMan web interface with upload rights. Successful exploitation allows the attacker to place files at arbitrary locations on the target, leading to code execution. The resulting impact on confidentiality, integrity and availability is high (C:H/I:H/A:H), and the scope change (S:C) reflects that the compromise extends beyond the web application to the underlying system.

Mitigation details are available in the advisory published at https://github.com/gerico-lab/riello-multiple-vulnerabilities-2025, which covers this and related Riello vulnerabilities.


Vulnerability details

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Directory traversal in a web CGI endpoint enables arbitrary file upload and RCE on a network-accessible application, which is exactly the exploitation of a public-facing application that T1190 describes.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-39786 (shared CWE-22)
CVE-2026-6282 (shared CWE-22)
CVE-2026-8755 (shared CWE-22)
CVE-2026-2448 (shared CWE-22)
CVE-2026-2953 (shared CWE-22)
CVE-2026-4619 (shared CWE-22)
CVE-2026-24479 (shared CWE-22)
CVE-2025-7360 (shared CWE-22)
CVE-2025-70231 (shared CWE-22)
CVE-2025-64075 (shared CWE-22)

Affected Assets

Vendor: riello-ups
Product: netman 208
Affected versions: ≤ 1.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assigned)

Prevent: Directly mitigates directory traversal in file uploads by validating inputs, rejecting /../ sequences submitted to the certsupload.cgi endpoint.

Prevent: Restricts file upload paths to authorized directories only, so that a traversal sequence cannot redirect the write to an arbitrary location.

Prevent: Remediates the vulnerability by patching the application to version 1.12 or later, as specified in the advisory.
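The input-validation and path-restriction controls above, together with the traversal pattern described in the analysis, are easier to reason about with code in hand. The following Python snippet is an added illustration and is not NetMan's code or anything from the Riello advisory: it places a naive upload handler (the vulnerable pattern: join the client-supplied name onto the upload root and trust the result) beside a hardened one that decodes once, keeps only a bare file name, allowlists characters and extensions, and finally re-checks that the resolved path is still inside the root. The upload directory and the accepted certificate extensions are assumptions chosen for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumed upload directory for the example; NetMan's real path is not on the page.
UPLOAD_ROOT = "/var/uploads/certs"

# Assumed allowlist of certificate-style extensions for the example.
ALLOWED_EXTENSIONS = (".pem", ".crt", ".key")


def naive_upload_path(root: str, client_name: str) -> str:
    """Vulnerable pattern: the client-supplied name is joined onto the
    upload root and the result is trusted. Any '..' segments in the name
    walk back out of the root when the path is normalised."""
    return posixpath.normpath(posixpath.join(root, client_name))


def safe_upload_path(root: str, client_name: str) -> str:
    """Hardened pattern (SI-10 style input validation).

    Raises ValueError for anything that is not a plain certificate file
    name; returns the confined absolute path otherwise."""
    # 1. Decode once so an encoded '%2e%2e%2f' does not slip past text checks.
    name = unquote(client_name)

    # 2. Only a bare file name is acceptable: no separators, no dot-segments.
    if name in ("", ".", "..") or name != posixpath.basename(name):
        raise ValueError("path separators or dot-segments are not allowed")

    # 3. Allowlist the characters and the extension rather than blocklisting '..'.
    if not re.fullmatch(r"[A-Za-z0-9_.-]{1,64}", name):
        raise ValueError("file name contains disallowed characters")
    if not name.lower().endswith(ALLOWED_EXTENSIONS):
        raise ValueError("unexpected certificate file extension")

    # 4. Defence in depth: confirm the resolved path is still under the root,
    #    so a future change to the checks above cannot silently reopen the hole.
    root_norm = posixpath.normpath(root)
    full = posixpath.normpath(posixpath.join(root_norm, name))
    if posixpath.commonpath([root_norm, full]) != root_norm:
        raise ValueError("resolved path escapes the upload directory")
    return full


def is_accepted(root: str, client_name: str) -> bool:
    """Convenience wrapper: True if the hardened handler would store the file."""
    try:
        safe_upload_path(root, client_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample names; the traversal ones mirror the '/../' pattern
    # described for the CVE, in raw and URL-encoded form.
    samples = [
        "server.pem",
        "../../../tmp/x.pem",
        "%2e%2e%2f%2e%2e%2ftmp%2fx.pem",
        "sub/dir.pem",
        "cert.exe",
        "..",
    ]
    for s in samples:
        print(f"{s!r:40} naive -> {naive_upload_path(UPLOAD_ROOT, s)!r:32} "
              f"hardened -> {'accept' if is_accepted(UPLOAD_ROOT, s) else 'reject'}")
```

The naive handler maps `../../../tmp/x.pem` to `/tmp/x.pem`, which is the class of behaviour the advisory describes; the hardened handler rejects every traversal form, including the percent-encoded one, while still accepting a plain `server.pem`. Step 4 is deliberately redundant with steps 2 and 3: the containment check is the invariant that matters, and keeping it separate means the endpoint stays safe even if the allowlist is later relaxed.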
