ByteOS Network

NVD Vulnerability Details :

CVE-2025-67223

Received

Source-cve@mitre.org

Published At-28 Apr, 2026 | 15:16

Updated At-28 Apr, 2026 | 16:16

The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-377	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-532	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-377

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-532

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://arandasoft.com/en/productos/aranda-service-management/	cve@mitre.org	N/A
https://docs.arandasoft.com/at-v8-release-notes/en/pages/release_pdf/file_server.html	cve@mitre.org	N/A
https://github.com/brandonperezlara/CVE-2025-67223	cve@mitre.org	N/A
https://github.com/brandonperezlara/CVE-2025-67223	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A