PT-2025-51558 · Unknown+1 · Wavestore Server+1
Julia Zduńczyk
·
Published
2025-12-16
·
Updated
2025-12-16
·
CVE-2025-65074
CVSS v4.0
8.6
High
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
WaveView versions prior to 6.44.44
Description
The WaveView client allows users to execute a limited set of predefined commands and scripts on a connected WaveStore Server. A malicious attacker with high privileges can execute arbitrary OS commands on the server by exploiting a path traversal flaw in the
showerr script.Recommendations
Update to version 6.44.44 or later.
Fix
Path traversal
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wavestore Server
Waveview