Vulnerability Description
JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying filesystem within the context of the web server. This may result in disclosure of system configuration files and other sensitive information.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://downloads.jung.de/public/en/pdf/productdocumentation/en_sp5.1knx_0901201
- https://www.jung-group.com/
- https://www.vulncheck.com/advisories/jung-smart-panel-knx-unauthenticated-path-t
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5969.php
FAQ
What is CVE-2026-25872?
CVE-2026-25872 is a vulnerability with a CVSS score of 5.3 (MEDIUM). JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path inp...
How severe is CVE-2026-25872?
CVE-2026-25872 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-25872?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.