Description
A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability.
Published: 2025-12-18
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary file write enabling configuration tampering or availability impact
Action: Immediate Patch
AI Analysis

Impact

A path traversal flaw in the Import Arc data archive feature allows an authenticated user with limited privileges to upload a specially crafted archive. The uploader’s input is insufficiently validated, enabling the write of files to arbitrary filesystem locations. This can change the device configuration or disrupt operation, potentially leading to broader compromise if configuration files control executable components.

Affected Systems

Nozomi Networks CMC and Guardian products are affected for all releases prior to version 25.5.0. The vulnerability exists across both product lines and is active until the vendor releases a patch in version 25.5.0 or later.

Risk and Exploitability

The CVSS score of 7.2 classifies this as high severity, while the EPSS score of less than 1% indicates a low exploitation likelihood as of now. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the attacker to authenticate to the web management interface and upload a malicious archive, so the attack vector is assumed to be the web interface with limited‑privilege accounts.

Generated by OpenCVE AI on April 20, 2026 at 16:34 UTC.

Remediation

Vendor Solution

Upgrade to v25.5.0 or later.

Vendor Workaround

Use internal firewall features to limit access to the web management interface.

OpenCVE Recommended Actions

  • Deploy the vendor‑supplied patch by upgrading Nozomi Networks CMC and Guardian to version 25.5.0 or later.
  • Limit access to the web management interface by configuring internal firewall rules to allow only trusted networks or IP addresses.
  • Audit all accounts that have upload or administrative privileges on the devices and remove accounts that are unnecessary or inactive.
  • If an immediate upgrade is not possible, disable or restrict the Import Arc data archive functionality and monitor for abnormal upload activity.

Generated by OpenCVE AI on April 20, 2026 at 16:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 10:30:00 +0000

Type Values Removed Values Added
References

Tue, 06 Jan 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Nozominetworks
Nozominetworks cmc
Nozominetworks guardian
CPEs cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*
Vendors & Products Nozominetworks
Nozominetworks cmc
Nozominetworks guardian

Thu, 18 Dec 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 18 Dec 2025 13:30:00 +0000

Type Values Removed Values Added
Description A path traversal vulnerability was discovered in the Import Arc data archive functionality due to insufficient validation of the input file. An authenticated user with limited privileges, by uploading a specifically-crafted Arc data archive, can potentially write arbitrary files in arbitrary paths, altering the device configuration and/or affecting its availability.
Title Path traversal in Import Arc data archive functionality in Guardian/CMC before 25.5.0
First Time appeared Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
Weaknesses CWE-22
CPEs cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*
Vendors & Products Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

cvssV4_0

{'score': 7.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Nozomi Networks Cmc Guardian
Nozominetworks Cmc Guardian
cve-icon MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-04-14T08:58:13.064Z

Reserved: 2025-04-16T09:04:35.922Z

Link: CVE-2025-40898

cve-icon Vulnrichment

Updated: 2025-12-18T14:19:13.838Z

cve-icon NVD

Status : Modified

Published: 2025-12-18T14:15:59.780

Modified: 2026-04-14T10:16:27.820

Link: CVE-2025-40898

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T16:45:11Z

Weaknesses