Mohamed Lemine Ahmed Jidou

**Name of the Vulnerable Software and Affected Versions** Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10 **Description** Inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted `fileName` parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE), which is the ability to execute arbitrary commands on a target machine, and complete system compromise. **Recommendations** Update to version 2.0.0-milestone-10 or later. Avoid using the `fileName` parameter in the Submodel HTTP API for file uploads until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10 **Description** The Operation Delegation feature fails to validate the destination URI of delegated requests. This design flaw allows an unauthenticated remote attacker to force the server to execute blind HTTP POST requests to arbitrary internal or external targets. Consequently, an attacker can bypass network segmentation to pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS). **Recommendations** Update to version 2.0.0-milestone-10 or later.