PT-2025-20475 · Sparx Systems · Sparx Systems Pro Cloud Server
Mikko Korpi +1 · Published 2025-05-09 · Updated 2025-05-10 · CVE-2025-4377
CVSS v4.0: 8.3 (High)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Sparx Systems Pro Cloud Server versions earlier than 6.0.165
Description
Sparx Systems Pro Cloud Server improperly limits a pathname to a restricted directory, which results in a path traversal vulnerability. The flaw is in the logview.php file and allows reading arbitrary files on the filesystem. The log view is accessible through the Pro Cloud Server Configuration interface.
Recommendations
For versions earlier than 6.0.165, update to version 6.0.165 or later to resolve the issue.
As a temporary workaround, consider restricting access to the logview.php file until the update has been applied.
Avoid using the logview feature in the Pro Cloud Server Configuration interface until the issue is resolved.
Fix
Path traversal
RCE
Affected Products
Sparx Systems Pro Cloud Server