Unauthenticated Path Traversal Vulnerability in Avid Nexis Agent Software
CVE-2024-26293

8.7HIGH

Key Information:

Vendor

Avid

Status
Avid Nexis E-series
Avid Nexis F-series
Avid Nexis Pro+
System Director Appliance (sda+)
Vendor
CVE Published:
14 July 2025

What is CVE-2024-26293?

The Avid Nexis Agent is susceptible to an unauthenticated path traversal vulnerability due to an outdated version of gSOAP (v2.8). This vulnerability allows attackers to exploit the software without proper credentials, potentially leading to unauthorized file access. Affected systems include various models of Avid NEXIS storage solutions that have not been updated to version 2025.5.1 or later. It is crucial for users of Avid NEXIS products to apply the necessary updates to mitigate this risk and secure their systems against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Avid NEXIS E-series Linux 0 < 2025.5.1

Avid NEXIS F-series Linux 0 < 2025.5.1

Avid NEXIS PRO+ Linux 0 < 2025.5.1

References

https://resources.avid.com/SupportFiles/attach/AvidNEXIS/...
vendor-advisory
https://raeph123.github.io/BlogPosts/Avid_Nexis/Advisory_...
third-party-advisorytechnical-description
https://www.genivia.com/changelog.html
third-party-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

DriveByte
CERT-Bund
JSON
.