Path Traversal Vulnerability in Import Arc Functionality for Nozomi Networks Products
CVE-2025-40898

7.2HIGH

Key Information:

Vendor: Nozomi Networks
Status: Guardian; Cmc
Vendor: CVE Published:; 18 December 2025

🔔 Create Nozomi Networks Vulnerability Alert

What is CVE-2025-40898?

A path traversal vulnerability exists in the Import Arc data archive functionality within Nozomi Networks products due to inadequate validation of input files. This flaw allows an authenticated user, even with limited permissions, to upload a specially crafted Arc data archive. Consequently, this could enable the user to write arbitrary files to locations on the system, compromising device configurations or availability. Proper input validation and controls are essential to mitigate these risks.

Affected Version(s)

CMC 0 < 25.5.0

Guardian 0 < 25.5.0

References

https://security.nozominetworks.com/NN-2025:15-01

CVSS V4

Score:

7.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

This issue was found by Andrea Palanca of Nozomi Networks Product Security team during an internal investigation.

JSON