PT-2025-51560 · Waveview+1 · Waveview+1
Julia Zduńczyk
·
Published
2025-12-16
·
Updated
2025-12-16
·
CVE-2025-65076
CVSS v4.0
8.6
High
| Vector | AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
WaveView versions prior to 6.44.44
Description
The WaveView client allows users to execute a limited set of predefined commands and scripts on a connected WaveStore Server. A malicious actor with elevated privileges can read or delete any file on the server due to a path traversal flaw in the
ilog script. This script operates with root privileges.Recommendations
Update to version 6.44.44 or later.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wavestore Server
Waveview