PT-2025-29437 · Avid · Avid Nexis E-Series+2
Cert-Bund
+1
·
Published
2025-07-14
·
Updated
2025-07-14
·
CVE-2024-26292
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
Avid NEXIS E-series versions prior to 2025.5.1
Avid NEXIS F-series versions prior to 2025.5.1
Avid NEXIS PRO+ versions prior to 2025.5.1
System Director Appliance (SDA+) versions prior to 2025.5.1
Description:
The application is susceptible to an authenticated Arbitrary File Deletion. Because the application operates with elevated privileges (root/NT AUTHORITY SYSTEM) by default, attackers may exploit this to delete critical files.
Recommendations:
Avid NEXIS E-series: Update to version 2025.5.1 or later.
Avid NEXIS F-series: Update to version 2025.5.1 or later.
Avid NEXIS PRO+: Update to version 2025.5.1 or later.
System Director Appliance (SDA+): Update to version 2025.5.1 or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Avid Nexis E-Series
Avid Nexis Pro+
System Director Appliance