Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-53082

Summary
Assigner-samsung.tv_appliance
Assigner Org ID-ca193ba2-0cff-4e34-b04e-1ea07103c6fe
Published At-29 Jul, 2025 | 05:08
Updated At-29 Jul, 2025 | 14:37
Rejected At-
Credits

An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:samsung.tv_appliance
Assigner Org ID:ca193ba2-0cff-4e34-b04e-1ea07103c6fe
Published At:29 Jul, 2025 | 05:08
Updated At:29 Jul, 2025 | 14:37
Rejected At:
▼CVE Numbering Authority (CNA)

An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.

Affected Products
Vendor
Samsung ElectronicsSamsung Electronics
Product
Data Management Server
Default Status
unaffected
Versions
Affected
  • From 2.0.0 before 2.3.13.1 (custom)
  • From 2.5.0.17 before 2.6.14.1 (custom)
  • From 2.7.0.15 before 2.9.3.6 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-23CWE-23 Relative Path Traversal
Type: CWE
CWE ID: CWE-23
Description: CWE-23 Relative Path Traversal
Metrics
VersionBase scoreBase severityVector
3.16.1MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Noam Moshe of Claroty Team82
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungda.com/securityUpdates.html
N/A
Hyperlink: https://security.samsungda.com/securityUpdates.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:PSIRT@samsung.com
Published At:29 Jul, 2025 | 06:15
Updated At:11 Aug, 2025 | 19:11

An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.1MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CPE Matches
Samsung
samsung
>>data_management_server_firmware>>Versions from 2.0.0(inclusive) to 2.3.13.1(exclusive)
cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>data_management_server_firmware>>Versions from 2.5.0.17(inclusive) to 2.6.14.1(exclusive)
cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>data_management_server_firmware>>Versions from 2.7.0.15(inclusive) to 2.9.3.6(exclusive)
cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*
Samsung
samsung
>>data_management_server>>-
cpe:2.3:h:samsung:data_management_server:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-23SecondaryPSIRT@samsung.com
CWE ID: CWE-23
Type: Secondary
Source: PSIRT@samsung.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.samsungda.com/securityUpdates.htmlPSIRT@samsung.com
Vendor Advisory
Hyperlink: https://security.samsungda.com/securityUpdates.html
Source: PSIRT@samsung.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2025-53081
Matching Score-8
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-8
Assigner-Samsung TV & Appliance
CVSS Score-6.4||MEDIUM
EPSS-0.07% / 21.65%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 05:06
Updated-11 Aug, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-data_management_server_firmwaredata_management_serverData Management Server
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-10619
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.1||CRITICAL
EPSS-1.86% / 82.31%
||
7 Day CHG~0.00%
Published-09 Apr, 2020 | 13:13
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

Action-Not Available
Vendor-n/aAdvantech (Advantech Co., Ltd.)
Product-webaccess\/nmsWebAccess/NMS
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-8570
Matching Score-4
Assigner-Kubernetes
ShareView Details
Matching Score-4
Assigner-Kubernetes
CVSS Score-9.1||CRITICAL
EPSS-0.79% / 72.96%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 17:09
Updated-16 Sep, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kubernetes Java client libraries unvalidated path traversal in Copy implementation

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.

Action-Not Available
Vendor-Kubernetes
Product-javaKubernetes Java Client
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-1588
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.11% / 30.62%
||
7 Day CHG~0.00%
Published-23 Feb, 2025 | 16:00
Updated-28 Feb, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Nurse Hiring System manage-nurse.php path traversal

A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/manage-nurse.php. The manipulation of the argument profilepic leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting vulnerability classes.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_nurse_hiring_systemOnline Nurse Hiring System
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-24
Path Traversal: '../filedir'
CVE-2021-24035
Matching Score-4
Assigner-Meta Platforms, Inc.
ShareView Details
Matching Score-4
Assigner-Meta Platforms, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.48% / 64.31%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 03:35
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.

Action-Not Available
Vendor-WhatsApp LLCFacebook
Product-whatsappWhatsApp for AndroidWhatsApp Business for Android
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Details not found