CVE-2025-14182
Published: 07 December 2025
Description
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
Security Summary
CVE-2025-14182 is a path traversal vulnerability (CWE-22) in Sobey Media Convergence System versions 2.0 and 2.1. The issue resides in unspecified code behind the /sobey-mchEditor/watermark/upload file or endpoint, where manipulating the "File" argument allows traversal outside the intended directories. It carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2025-12-07T03:15:58.340.
The vulnerability can be exploited remotely by an attacker possessing low privileges (PR:L). By crafting a request that abuses the File argument, the attacker can achieve limited impacts: low confidentiality (C:L) through potential unauthorized file access, low integrity (I:L) via file modification, and low availability (A:L) effects such as denial of service on targeted files.
Advisories detailing the vulnerability are available from VulDB (https://vuldb.com/?ctiid.334602, https://vuldb.com/?id.334602, https://vuldb.com/?submit.698561) and GitHub (https://github.com/hacker-routing/cve/issues/1). The exploit has been publicly disclosed and may be actively used by attackers.
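One way to screen the File value submitted to this endpoint, as an added example (not Sobey's code and not a vendor fix). The upload root `/srv/watermark`, the record layout and every sample record are constructed assumptions; only the endpoint path comes from the advisory.

```python
import posixpath
from urllib.parse import unquote

ENDPOINT = "/sobey-mchEditor/watermark/upload"  # endpoint named in the advisory
UPLOAD_ROOT = "/srv/watermark"                  # assumption: intended upload directory


def normalise(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (catches double encoding) and unify separators."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def escapes_root(file_arg: str, root: str = UPLOAD_ROOT) -> bool:
    """True if the File value would resolve to anything other than a path under root."""
    name = normalise(file_arg)
    # Reject NUL bytes, absolute paths and Windows drive letters outright.
    if "\x00" in name or name.startswith("/") or name[1:2] == ":":
        return True
    resolved = posixpath.normpath(posixpath.join(root, name))
    # Compare against root plus a separator so "/srv/watermark2" does not pass.
    return not resolved.startswith(root.rstrip("/") + "/")


def flag_requests(records):
    """Return the records for the upload endpoint whose File value leaves the root."""
    return [r for r in records if r["path"] == ENDPOINT and escapes_root(r["file"])]


# Constructed sample records (hypothetical users and file names).
SAMPLE = [
    {"user": "editor1", "path": ENDPOINT, "file": "logo.png"},
    {"user": "editor2", "path": ENDPOINT, "file": "../../outside.txt"},
    {"user": "editor2", "path": ENDPOINT, "file": "%252e%252e%252foutside.txt"},
    {"user": "editor3", "path": ENDPOINT, "file": "sub/../logo.png"},
    {"user": "editor4", "path": "/other", "file": "../outside.txt"},
    {"user": "editor5", "path": ENDPOINT, "file": "..\\..\\outside.txt"},
]

if __name__ == "__main__":
    for rec in flag_requests(SAMPLE):
        print(f"traversal attempt by {rec['user']}: {rec['file']!r}")
```

The same `escapes_root` check works as a server-side guard before any file is written, and as a filter over request logs because the endpoint requires an authenticated low-privilege account (PR:L), so each hit maps to a user.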
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A path traversal vulnerability in a public-facing web upload endpoint (T1190) enables unauthorized file access and discovery outside the intended directories (T1083), with confirmed impacts to confidentiality and integrity.