CVE-2025-40898 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-40898 PUBLISHED CVSS 7.199999809265137 HIGH

A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability.

EPSS 0.12% · 30.3th percentile

Risk Scores

CVSS v4.0

7.199999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.12%

30.3th percentile

Affected Products

Vendor	Product	Versions
Nozomi Networks	Guardian	0
nozomi_networks	guardian	0
Nozomi Networks	CMC	0
nozominetworks	guardian	0
nozomi_networks	cmc	0
nozominetworks	cmc	0

Timeline

Apr 16, 2025 CVE ID Reserved
Dec 18, 2025 CVE Published
Dec 19, 2025 EPSS Score
Dec 22, 2025 EPSS Score
Dec 26, 2025 EPSS Score
Dec 29, 2025 EPSS Score
Jan 1, 2026 EPSS Score
Jan 5, 2026 EPSS Score
Jan 8, 2026 EPSS Score
Jan 11, 2026 EPSS Score
Jan 14, 2026 EPSS Score
Jan 18, 2026 EPSS Score

References

Open in Interactive Console →