Directory Traversal Vulnerability in Output Messenger by Srimax Technologies
CVE-2025-27920

7.2 HIGH

Key Information:

Vendor: Srimax

CVE Published: 5 May 2025

Badges

📈 Trended | 📈 Score: 1,320 | 💰 Ransomware | 👾 Exploit Exists | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2025-27920?

CVE-2025-27920 is a directory traversal vulnerability in Output Messenger, a communication platform developed by Srimax Technologies for secure messaging and collaboration among users within organizations. The vulnerability arises from improper handling of file paths: attackers can use directory traversal sequences such as "../" to access sensitive files that reside outside the designated directories, potentially leading to unauthorized data exposure, leakage of critical configuration settings, and arbitrary file access within the system. Such exploitation could significantly disrupt operations, compromise security protocols, and result in severe information loss.

Potential impact of CVE-2025-27920

  1. Sensitive Data Exposure: Attackers can access confidential files that should be protected, leading to data breaches that could compromise personal, financial, or proprietary information.

  2. Configuration Leakage: The vulnerability can allow adversaries to obtain sensitive configuration files that may reveal system architecture or credential information, increasing the risk of further attacks.

  3. Arbitrary File Access: The capability for unauthorized file access opens the door for potential manipulation or destruction of critical system files, jeopardizing system integrity and availability.

CISA has reported CVE-2025-27920

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-27920 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Output Messenger 0 < 2.0.63

News Articles

Turkish APT Exploits Chat Zero-Day to Spy on Iraqi Kurds

Even after their zero-day vulnerability turned into an n-day, attackers known as Marbled Dust or Sea Turtle continued to spy on military targets that had failed to patch Output Messenger.

4 days ago

Weekly Intelligence Report - 16 May 2025 - CYFIRMA

Published On : 2025-05-15 Ransomware of the week CYFIRMA Research and Advisory Team would like to highlight ransomware trends and insights gathered while monitoring various forums. This includes...

5 days ago

Turkey-Aligned Hackers Targeted Iraq-Based Kurds with Zero-Day Exploit

Marbled Dust has been exploiting a vulnerability in user accounts associated with the Kurdish military operating in Iraq for over a year

6 days ago

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 🦅 CISA Reported

  • 📈 Vulnerability started trending

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 📰 First article discovered by Microsoft

  • Vulnerability published

  • Vulnerability Reserved
