CVE-2025-4377: Path traversal vulnerability in Sparx Pro Cloud Server WebEA webconfig in logview.php

8.3 CVSS

Description

Improper limitation of a pathname to a restricted directory causes a path traversal vulnerability in Sparx Systems Pro Cloud Server.

The vulnerability is present in logview.php and allows reading arbitrary files on the filesystem.

Logview is accessible from the Pro Cloud Server Configuration interface.

This issue affects Pro Cloud Server versions earlier than 6.0.165.

Classification

CVE ID: CVE-2025-4377

CVSS Base Severity: HIGH

CVSS Base Score: 8.3

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:H/SI:N/SA:N

Problem Types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-20: Improper Input Validation

Affected Products

Vendor: Sparx Systems

Product: Pro Cloud Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (probability of being exploited)

EPSS Percentile: 23.61% (proportion of vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-06-07 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4377
https://sparxsystems.com/products/procloudserver/6.1/

Timeline