CVE-2025-3223

Severity CVSS v4.0:

Pending analysis

Type:

CWE-22 Path Traversal

Publication date:

19/05/2025

Last modified:

21/05/2025

Description

Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal.This issue affects WorkstationST: WorkstationST V07.10.10C and earlier.

Impact

Vector 3.x

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L CVSS v3.1 Severity and Metrics:

Base Score: 5.90 MEDIUM
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

Attack Vector (AV): Adjacent
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): High
Availability (A): Low

Base Score 3.x

5.90

Severity 3.x

MEDIUM

References to Advisories, Solutions, and Tools

https://www.gevernova.com/content/dam/cyber_security/global/en_US/pdfs/2024-09-24_EGD_Config_Server_File_Overwrite.pdf