ГлавнаяУязвимости → CVE-2025-65074
7.2высокая

CVE-2025-65074

Описание

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to execute arbitrary OS commands on the server using path traversal in the showerr script. This issue was fixed in version 6.44.44

Затрагиваемое ПО
Wavestore Video management software server
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://cert.pl/en/posts/2025/12/CVE-2025-65074https://www.wavestore.com/products/video-management-software