Path Traversal Vulnerability in Ozeki SMS Gateway
CVE-2023-7327

8.7HIGH

Key Information:

Vendor: Ozeki Ltd.
Status: Ozeki Sms Gateway
Vendor: CVE Published:; 12 November 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-7327?

The Ozeki SMS Gateway is affected by a path traversal vulnerability, which allows unauthenticated attackers to exploit URL-encoded traversal sequences. This exploitation can lead to unauthorized access and reading of sensitive files from the underlying filesystem, operating under the privileges of the gateway service. As a result, attackers may gain exposure to confidential information that could have serious implications for users and organizations relying on this service.

Affected Version(s)

Ozeki SMS Gateway 0 <= 10.3.208

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-7327 - Proof of Concept

References

https://www.exploit-db.com/exploits/51646

exploit

https://ozeki-sms-gateway.com/

product

https://www.vulncheck.com/advisories/ozeki-sms-gateway-un...

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 12, 2025
👾
Exploit known to exist
Nov 12, 2025
Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Nov 12, 2025

Credit

Ahmet Ümit BAYRAM

JSON

Ozeki Ltd.

Badges

What is CVE-2023-7327?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit