CVE-2025-65075 — MEDIUM (6.5)

Q: How severe is CVE-2025-65075?

CVE-2025-65075 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-65075?

Check the references section above for vendor advisories and patch information. Affected products include: Wavestore Video Management Software Server.

Vulnerability Description

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, with the permissions of dvr user, on the server using path traversal in the alog script. This issue was fixed in version 6.44.44

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Wavestore	Video Management Software Server	<= 6.42.4

Related Weaknesses (CWE)

CWE-22

References

https://cert.pl/en/posts/2025/12/CVE-2025-65074Third Party Advisory
https://www.wavestore.com/products/video-management-softwareProduct

FAQ

What is CVE-2025-65075?

CVE-2025-65075 is a vulnerability with a CVSS score of 6.5 (MEDIUM). WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, ...

How severe is CVE-2025-65075?

CVE-2025-65075 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-65075?

Check the references section above for vendor advisories and patch information. Affected products include: Wavestore Video Management Software Server.