CVE-2025-65792
Published: 10 December 2025
Description
DataGear v5.5.0 is vulnerable to Arbitrary File Deletion.
Mitigating Controls (NIST 800-53 r5)
Requires validation of user inputs to block path traversal sequences that enable arbitrary file deletion in DataGear v5.5.0.
Establishes processes to identify, prioritize, and remediate flaws like this critical path traversal vulnerability promptly.
Enforces restrictions on inputs at application boundaries to limit file paths to authorized locations, preventing arbitrary deletions.
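The input-restriction controls above can be illustrated with a containment check performed before any delete. This is an added example, not DataGear's code or its fix: the class `SafeDelete`, the method `deleteWithin`, the `uploads` directory and the file names are hypothetical, and Java is used because DataGear is a Java application.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;

public class SafeDelete {
    // Hypothetical helper: deletes the file named by untrusted input only if
    // it is a regular file that resolves to a location inside baseDir.
    static boolean deleteWithin(Path baseDir, String userSupplied) throws IOException {
        if (userSupplied == null || userSupplied.isEmpty()
                || userSupplied.indexOf('\0') >= 0) {
            return false;
        }
        Path base = baseDir.toRealPath(); // canonical base, symlinks resolved
        // resolve() returns an absolute input unchanged; normalize() collapses
        // "." and ".." lexically, so both cases fail the startsWith test below.
        Path candidate = base.resolve(userSupplied).normalize();
        if (!candidate.startsWith(base) || candidate.equals(base)) {
            return false;
        }
        if (!Files.exists(candidate, LinkOption.NOFOLLOW_LINKS)) {
            return false;
        }
        // Resolve symlinks in the parent so a link placed inside the base
        // directory cannot redirect the delete to another location.
        Path realParent = candidate.getParent().toRealPath();
        if (!realParent.startsWith(base)) {
            return false;
        }
        Path target = realParent.resolve(candidate.getFileName());
        if (!Files.isRegularFile(target, LinkOption.NOFOLLOW_LINKS)) {
            return false; // refuse directories and symlinks
        }
        Files.delete(target);
        return true;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: one file inside the allowed directory, one outside.
        Path root = Files.createTempDirectory("demo");
        Path base = Files.createDirectory(root.resolve("uploads"));
        Files.createFile(base.resolve("report.tmp"));
        Path outside = Files.createFile(root.resolve("app.conf"));
        String[] inputs = {"report.tmp", "../app.conf", "sub/../../app.conf", outside.toString(), ""};
        for (String in : inputs) {
            System.out.println("'" + in + "' -> " + deleteWithin(base, in));
        }
        System.out.println("outside file still present: " + Files.exists(outside));
    }
}
```

The check and the delete are separate filesystem operations, so the base directory should not be writable by other local users who could swap path components between the two.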
Security Summary
CVE-2025-65792 is an arbitrary file deletion vulnerability affecting DataGear version 5.5.0. Classified under CWE-22 (path traversal), it carries a CVSS v3.1 base score of 9.1 (Critical), with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H, indicating no confidentiality impact but high integrity and availability impacts.
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows arbitrary file deletion on the target system, potentially disrupting service availability and compromising data integrity by removing critical files.
For mitigation details, refer to the vendor advisories and references, including the GitHub issue at https://github.com/X3J1n/datagear/issues/1 and the Gist PoC at https://gist.github.com/X3J1n/82b047efdbfd74c414a6d63339ad12fb.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote exploitation of a public-facing web application (T1190) enables arbitrary file deletion on the target system (T1070.004), directly impacting integrity and availability.