CVE-2025-10461 (GCVE-0-2025-10461)
Vulnerability from cvelistv5
Published
2026-03-16 13:27
Modified
2026-03-27 08:13
CWE
- CWE-20 - Improper Input Validation
Summary
Improper URL checks in the webserver of Softing Industrial Automation GmbH smartLinks on Docker (filesystem modules) allow global file reads, giving access to files.
This issue affects
smartLink SW-HT: through 1.42
smartLink SW-PN: through 1.03.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Softing | smartLink SW-HT | Affected: 0 through 1.42 (inclusive); Patch: 1.43 |
| Softing | smartLink SW-PN | Affected: 0 through 1.03 (inclusive); Patch: 1.04 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T14:27:44.548413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T14:27:51.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"filesystem"
],
"product": "smartLink SW-HT",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.42",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.43",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"modules": [
"filesystem"
],
"product": "smartLink SW-PN",
"vendor": "Softing",
"versions": [
{
"lessThanOrEqual": "1.03",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "1.04"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.42",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.03",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:softing:smartlink_sw-pn:1.04:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "OpenVAS"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003eThis issue affects\u003c/p\u003e\u003cp\u003esmartLink SW-HT: through 1.42\u003c/p\u003e\u003cp\u003esmartLink SW-PN: through 1.03.\u003c/p\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\n\n\n\nThis issue affects\n\nsmartLink SW-HT: through 1.42\n\nsmartLink SW-PN: through 1.03."
}
],
"impacts": [
{
"capecId": "CAPEC-497",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-497 File Discovery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T08:13:41.200Z",
"orgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"shortName": "Softing"
},
"references": [
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.html"
},
{
"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue is fixed in\u003c/p\u003e\u003cp\u003e\n\n\u003c/p\u003e\u003cp\u003esmartLink SW-HT: 1.43\u003c/p\u003esmartLink SW-PN: 1.04\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "This issue is fixed in\n\n\n\n\n\nsmartLink SW-HT: 1.43\n\nsmartLink SW-PN: 1.04"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Global file reads caused by improper URL checks in webserver",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10de8ef9-5c89-4b17-8228-e97b74acf4bd",
"assignerShortName": "Softing",
"cveId": "CVE-2025-10461",
"datePublished": "2026-03-16T13:27:21.381Z",
"dateReserved": "2025-09-15T05:57:59.903Z",
"dateUpdated": "2026-03-27T08:13:41.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-10461\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-16T14:27:44.548413Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-16T14:27:48.578Z\"}}], \"cna\": {\"title\": \"Global file reads caused by improper URL checks in webserver\", \"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"tool\", \"value\": \"OpenVAS\"}], \"impacts\": [{\"capecId\": \"CAPEC-497\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-497 File Discovery\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"AUTOMATIC\", \"baseScore\": 5.3, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/RE:L/U:Green\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"GREEN\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Softing\", \"modules\": [\"filesystem\"], \"product\": \"smartLink SW-HT\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.42\"}, 
{\"status\": \"unaffected\", \"version\": \"1.43\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Softing\", \"modules\": [\"filesystem\"], \"product\": \"smartLink SW-PN\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.03\"}, {\"status\": \"unaffected\", \"version\": \"1.04\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"This issue is fixed in\\n\\n\\n\\n\\n\\nsmartLink SW-HT: 1.43\\n\\nsmartLink SW-PN: 1.04\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThis issue is fixed in\u003c/p\u003e\u003cp\u003e\\n\\n\u003c/p\u003e\u003cp\u003esmartLink SW-HT: 1.43\u003c/p\u003esmartLink SW-PN: 1.04\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.html\"}, {\"url\": \"https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.json\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\\n\\n\\n\\nThis issue affects\\n\\nsmartLink SW-HT: through 1.42\\n\\nsmartLink SW-PN: through 1.03.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\u003cp\u003e\\n\\n\u003c/p\u003e\u003cp\u003eThis issue affects\u003c/p\u003e\u003cp\u003esmartLink SW-HT: through 1.42\u003c/p\u003e\u003cp\u003esmartLink SW-PN: through 1.03.\u003c/p\u003e\\n\\n\u003cp\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", 
\"description\": \"CWE-20 Improper Input Validation\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:softing:smartlink_sw-ht:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"1.42\", \"versionStartIncluding\": \"0\"}, {\"criteria\": \"cpe:2.3:a:softing:smartlink_sw-ht:1.43:*:*:*:*:*:*:*\", \"vulnerable\": false}], \"operator\": \"OR\"}, {\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:softing:smartlink_sw-pn:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"1.03\", \"versionStartIncluding\": \"0\"}, {\"criteria\": \"cpe:2.3:a:softing:smartlink_sw-pn:1.04:*:*:*:*:*:*:*\", \"vulnerable\": false}], \"operator\": \"OR\"}], \"operator\": \"OR\"}], \"providerMetadata\": {\"orgId\": \"10de8ef9-5c89-4b17-8228-e97b74acf4bd\", \"shortName\": \"Softing\", \"dateUpdated\": \"2026-03-27T08:13:41.200Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-10461\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-27T08:13:41.200Z\", \"dateReserved\": \"2025-09-15T05:57:59.903Z\", \"assignerOrgId\": \"10de8ef9-5c89-4b17-8228-e97b74acf4bd\", \"datePublished\": \"2026-03-16T13:27:21.381Z\", \"assignerShortName\": \"Softing\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.