Description
docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal that allows attackers to read arbitrary files via a crafted URL.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The reported vulnerability is a directory traversal flaw in the docuFORM Managed Print Service Client version 11.11c. An attacker can craft a URL containing path traversal sequences to read arbitrary files on the host system. Because the flaw allows direct access to files outside the intended web root, the primary impact is leakage of sensitive data, potentially compromising the confidentiality of system files, credentials, or configuration information. The weakness is a classic path traversal issue, corresponding to CWE-22.

Affected Systems

The vulnerability applies to docuFORM Managed Print Service Client version 11.11c. No additional vendor or product details are provided, but the flaw resides in the client component that exposes an HTTP interface for print job management.

Risk and Exploitability

The CVSS score is 7.5 (High). The EPSS score is < 1%, indicating a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. These factors imply that the risk is uncertain, though the flaw allows local or remote parties who can reach the client's URL space to retrieve files. The likely attack vector is crafted HTTP requests sent directly to the Managed Print Service Client, which requires network access to the service endpoint.

Generated by OpenCVE AI on May 12, 2026 at 21:27 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Contact docuFORM to obtain any available security patch or update for the 11.11c release.
  • Limit the web interface of the Managed Print Service Client to trusted networks or authorized users, e.g., by firewall rules or VPN access.
  • Configure the web server to restrict path traversal by whitelisting allowed directories and sanitizing URL inputs.


Advisories

No advisories yet.

History

Tue, 12 May 2026 21:45:00 +0000

Type | Values Removed | Values Added
Title | | Directory Traversal in docuFORM Managed Print Service Client 11.11c Enables Arbitrary File Read

Tue, 12 May 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 10:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Docuform; Docuform docuform
Vendors & Products | | Docuform; Docuform docuform

Mon, 11 May 2026 18:00:00 +0000

Type | Values Removed | Values Added
Title | | Directory Traversal in docuFORM Managed Print Service Client 11.11c Enables Arbitrary File Read
Weaknesses | | CWE-22

Mon, 11 May 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted URL.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-12T17:48:13.086Z

Reserved: 2025-11-18T00:00:00.000Z

Link: CVE-2025-65418

Vulnrichment

Updated: 2026-05-12T17:48:08.540Z

NVD

Status: Deferred

Published: 2026-05-11T16:17:29.267

Modified: 2026-05-12T18:16:36.280

Link: CVE-2025-65418

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T21:30:25Z
