Client-Side Path Traversal Vulnerability in Nozomi Networks Web Management Interface
CVE-2025-3718

5.8 MEDIUM

Key Information:

Vendor
CVE Published: 7 October 2025

What is CVE-2025-3718?

A client-side path traversal vulnerability in the web management interface, caused by a lack of input validation, can be exploited by an authenticated user with limited privileges. By crafting a malicious URL, the attacker can trigger a Cross-Site Scripting (XSS) attack when that URL is accessed by another authenticated user. This vulnerability poses significant risks, as it could potentially lead to unauthorized access or compromise the integrity of user data.

Affected Version(s)

CMC 0 < 25.2.0

Guardian 0 < 25.2.0

CVSS V4

Score: 5.8
Severity: MEDIUM
Confidentiality: Low
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was found by Stefano Libero and Andrea Palanca of Nozomi Networks Product Security team during an internal investigation.