
CVE-2025-2493: Path Traversal vulnerability in Softdial Contact Center

8.7 CVSS

Description

A path traversal vulnerability exists in Softdial Contact Center by Sytel Ltd. An attacker can manipulate the ‘id’ parameter of the ‘/softdial/scheduler/load.php’ endpoint to navigate beyond the intended directory, which can allow unauthorised access to sensitive files outside the expected scope.

Classification

CVE ID: CVE-2025-2493

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem Types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected Products

Vendor: Sytel Ltd

Product: Softdial Contact Center

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 18.5% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-16 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2493
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-softdial-contact-center
