{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2716", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-24T11:43:59.273Z", "datePublished": "2025-03-24T23:00:07.183Z", "dateUpdated": "2025-03-25T13:32:43.404Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-24T23:00:07.183Z"}, "title": "China Mobile P22g-CIac Samba Path path traversal", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "Path Traversal"}]}], "affected": [{"vendor": "China Mobile", "product": "P22g-CIac", "versions": [{"version": "1.0.00.488", "status": "affected"}], "modules": ["Samba Path Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In China Mobile P22g-CIac 1.0.00.488 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Samba Path Handler. Durch das Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:P/I:N/A:N"}}], "timeline": [{"time": "2025-03-24T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-24T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-24T12:49:04.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Yy123_ly14 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.300736", "name": "VDB-300736 | China Mobile P22g-CIac Samba Path path traversal", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.300736", "name": "VDB-300736 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.519900", "name": "Submit #519900 | China-Mobile-Internet-of-Things-Co.-Ltd. P22g-CIac V1.0.00.488 path", "tags": ["third-party-advisory"]}, {"url": "https://github.com/rookiiiiiiie/China-Mobile-Internet-of-Things-Co.-Ltd./blob/main/Issues.md", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"references": [{"url": "https://github.com/rookiiiiiiie/China-Mobile-Internet-of-Things-Co.-Ltd./blob/main/Issues.md", "tags": ["broken-link"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-25T13:32:22.103117Z", "id": "CVE-2025-2716", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T13:32:43.404Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "China Mobile P22g-CIac Samba Path path traversal", "credits": [{"lang": "en", "type": "reporter", "value": "Yy123_ly14 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:P/I:N/A:N"}}], "affected": [{"vendor": "China Mobile", "modules": ["Samba Path Handler"], "product": "P22g-CIac", "versions": [{"status": "affected", "version": "1.0.00.488"}]}], "timeline": [{"lang": "en", "time": "2025-03-24T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-03-24T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-03-24T12:49:04.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.300736", "name": "VDB-300736 | China Mobile P22g-CIac Samba Path path traversal", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.300736", "name": "VDB-300736 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.519900", "name": "Submit #519900 | China-Mobile-Internet-of-Things-Co.-Ltd. P22g-CIac V1.0.00.488 path", "tags": ["third-party-advisory"]}, {"url": "https://github.com/rookiiiiiiie/China-Mobile-Internet-of-Things-Co.-Ltd./blob/main/Issues.md", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In China Mobile P22g-CIac 1.0.00.488 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Samba Path Handler. Durch das Manipulieren mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Path Traversal"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-24T23:00:07.183Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2716", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-25T13:32:22.103117Z"}}}], "references": [{"url": "https://github.com/rookiiiiiiie/China-Mobile-Internet-of-Things-Co.-Ltd./blob/main/Issues.md", "tags": ["broken-link"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-03-25T13:32:36.470Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-2716", "state": "PUBLISHED", "dateUpdated": "2025-03-24T23:00:07.183Z", "dateReserved": "2025-03-24T11:43:59.273Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-03-24T23:00:07.183Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2025-2716", "lastModified": "2025-03-25T14:15:30.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:M/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-03-24T23:15:13.610", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/rookiiiiiiie/China-Mobile-Internet-of-Things-Co.-Ltd./blob/main/Issues.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.300736"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.300736"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.519900"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/rookiiiiiiie/China-Mobile-Internet-of-Things-Co.-Ltd./blob/main/Issues.md"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}