CVE-2025-65076 — MEDIUM (6.1)

Q: How severe is CVE-2025-65076?

CVE-2025-65076 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-65076?

Check the references section above for vendor advisories and patch information. Affected products include: Wavestore Video Management Software Server.

Vulnerability Description

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete any file on the server using path traversal in the ilog script. This script is being run with root privileges. This issue was fixed in version 6.44.44

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Wavestore	Video Management Software Server	<= 6.42.4

Related Weaknesses (CWE)

CWE-22

References

https://cert.pl/en/posts/2025/12/CVE-2025-65074Third Party Advisory
https://www.wavestore.com/products/video-management-softwareProduct

FAQ

What is CVE-2025-65076?

CVE-2025-65076 is a vulnerability with a CVSS score of 6.1 (MEDIUM). WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete any fil...

How severe is CVE-2025-65076?

CVE-2025-65076 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-65076?

Check the references section above for vendor advisories and patch information. Affected products include: Wavestore Video Management Software Server.