CVE-2025-27025

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined.

Description: The issue concerns a service exposed on a specific TCP port with a configured endpoint that uses Basic Authentication. This endpoint is vulnerable to Directory Traversal attacks, allowing unauthorized file manipulation. An attacker can leverage the PUT method to write files to any location on the device's file system with root privileges. Similarly, the GET method can be used to read any file from the file system. This vulnerability poses a significant risk, enabling unsanctioned file access and manipulation.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.