CVE-2022-25249

Name of the Vulnerable Software and Affected Versions Axeda agent versions prior to 6.9.2 Axeda agent versions prior to 6.9.3 Axeda Desktop Server for Windows (all versions)

Description The issue is related to incorrect restriction of a directory path name with limited access. This could allow a remote unauthenticated attacker to read arbitrary files by sending a specially crafted HTTP request, potentially obtaining file system read access via the web server.

Recommendations For Axeda agent versions prior to 6.9.2, update to version 6.9.2 or later. For Axeda agent versions prior to 6.9.3, update to version 6.9.3 or later. For Axeda Desktop Server for Windows, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the web server to minimize the risk of exploitation.