Path Traversal Vulnerability in NASA Core Flight System Aquila
CVE-2025-25371

7.5HIGH

Key Information:

Vendor: NASA
Status: Core Flight System Aquila
Vendor: CVE Published:; 25 March 2025

What is CVE-2025-25371?

The NASA Core Flight System Aquila has been identified with a security vulnerability in the OSAL (Operating System Abstraction Layer) module. This vulnerability allows attackers to exploit path traversal, potentially leading to unauthorized access and modification of arbitrary files within the system. By leveraging this flaw, an attacker could manipulate file paths, effectively overriding system files and compromising system integrity. Organizations using this system are urged to assess their security measures and apply necessary mitigations promptly.

References

https://visionspace.com/nasa-cfs-version-aquila-software-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Feb 7, 2025