CVE-2025-10461

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03.

CVSS

No CVSS.

References

Link	Resource
https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.html
https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.json

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-16 14:17

Updated : 2026-03-27 09:16

NVD link : CVE-2025-10461

Mitre link : CVE-2025-10461

CVE.ORG link : CVE-2025-10461

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2025-10461", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "10de8ef9-5c89-4b17-8228-e97b74acf4bd", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 5.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:L/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-16T14:17:53.620", "references": [{"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.html", "source": "10de8ef9-5c89-4b17-8228-e97b74acf4bd"}, {"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.json", "source": "10de8ef9-5c89-4b17-8228-e97b74acf4bd"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "10de8ef9-5c89-4b17-8228-e97b74acf4bd", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\n\n\n\nThis issue affects\n\nsmartLink SW-HT: through 1.42\n\nsmartLink SW-PN: through 1.03."}, {"lang": "es", "value": "Lecturas globales de archivos causadas por comprobaciones de URL incorrectas en el servidor web en smartLinks de Softing Industrial Automation GmbH en docker (m\u00f3dulos del sistema de archivos) permiten el acceso a archivos.\n\nEste problema afecta a\n\nsmartLink SW-HT: hasta la versi\u00f3n 1.42\n\nsmartLink SW-PN: hasta la versi\u00f3n 1.03."}], "lastModified": "2026-03-27T09:16:17.050", "sourceIdentifier": "10de8ef9-5c89-4b17-8228-e97b74acf4bd"}

CVE-2025-10461

JSON object

Attach tags to CVE-2025-10461

Attach tags to `CVE-2025-10461`