Path Traversal Vulnerability in GL-INet Beryl AX Router
CVE-2025-25684

7.5HIGH

Key Information:

Vendor: GL-INet
Status: Beryl AX GL-MT3000
Vendor: CVE Published:; 17 March 2025

What is CVE-2025-25684?

The GL-INet Beryl AX GL-MT3000 version 4.7.0 is susceptible to a path traversal vulnerability due to insufficient validation of the path parameter in the /download endpoint. This flaw enables attackers to exploit the device by sending a specially crafted POST request, allowing unauthorized access and download of arbitrary files from the device's filesystem. Such vulnerabilities can lead to data leaks and compromise network integrity, emphasizing the need for swift remediation and security updates.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://medium.com/@tfortinsec/multiple-path-traversal-vu...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 17, 2025

JSON

GL-INet

What is CVE-2025-25684?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.