{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T16:14:38.331","vulnerabilities":[{"cve":{"id":"CVE-2025-27025","sourceIdentifier":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","published":"2025-07-02T10:15:22.880","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The target device exposes a service on a specific TCP port with a configured\n endpoint. The access to that endpoint is granted using a Basic Authentication\n method. The endpoint accepts also the PUT method and it is possible to \nwrite files on the target device file system. Files are written as root.\n Using Postman it is possible to perform a Directory Traversal attack \nand write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the \nsame mechanism to read any file from the file system by using the GET \nmethod."},{"lang":"es","value":"El dispositivo objetivo expone un servicio en un puerto TCP específico con un endpoint configurado. El acceso a dicho endpoint se otorga mediante un método de autenticación básica. El endpoint también acepta el método PUT y permite escribir archivos en el sistema de archivos del dispositivo objetivo. Los archivos se escriben como root. Con Postman, es posible realizar un ataque de Directory Traversal y escribir archivos en cualquier ubicación del sistema de archivos del dispositivo. De forma similar al método PUT, es posible utilizar el mismo mecanismo para leer cualquier archivo del sistema de archivos mediante el método GET."}],"metrics":{"cvssMetricV31":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158","type":"Secondary","description":[{"lang":"en","value":"CWE-280"}]}],"references":[{"url":"https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27025","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"},{"url":"https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27025","source":"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158"}]}}]}