CVE Vulnerabilities

CVE-2025-53079

Absolute Path Traversal

Published: Jul 29, 2025 | Modified: Aug 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files

Weakness

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as “/abs/path” that can resolve to a location that is outside of that directory.

Affected Software

Name Vendor Start Version End Version
Data_management_server_firmware Samsung 2.0.0 (including) 2.3.13.1 (excluding)
Data_management_server_firmware Samsung 2.5.0.17 (including) 2.6.14.1 (excluding)
Data_management_server_firmware Samsung 2.7.0.15 (including) 2.9.3.6 (excluding)

References