Description
PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory.
Published: 2026-05-25
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PCViewer vt1000 is vulnerable to a directory traversal flaw that permits unauthenticated attackers to read arbitrary files on the host via malicious GET requests. By including relative path sequences such as ../../../../../../../../../../../../etc/passwd in a URL, a requester can manipulate the file system path used by the application and obtain sensitive files. This weakness is a classic example of CWE‑22, which enables attackers to bypass intended access controls and obtain confidential information.

Affected Systems

The affected product is PCViewer from Softpedia. No version details were provided in the CVE data, so any release that has not applied the fix remains vulnerable.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity vulnerability. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. The likely attack vector is an unauthenticated HTTP GET request that supplies a path traversal sequence. An attacker can readily construct such requests without authentication, read arbitrary files such as /etc/passwd, and potentially glean other sensitive data. Because the application does not restrict the traversal sequences, the success of exploitation depends only on the presence of a vulnerable web service and writable host permissions to the PCViewer process.

Generated by OpenCVE AI on May 25, 2026 at 15:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest PCViewer patch or upgrade to a version that fixes the directory traversal vulnerability.
  • Configure the web server or the application to limit the served document root and deny any relative paths that attempt to navigate outside the intended directory.
  • Enforce strict filesystem permissions so that the PCViewer process does not have read access to sensitive system files such as /etc/passwd.

Generated by OpenCVE AI on May 25, 2026 at 15:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 25 May 2026 14:30:00 +0000

Type Values Removed Values Added
Description PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory.
Title PCViewer vt1000 Directory Traversal via GET Request
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-25T14:15:11.707Z

Reserved: 2026-05-25T13:21:17.485Z

Link: CVE-2018-25365

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-25T15:30:06Z

Weaknesses