Directory Traversal Vulnerability in Riello UPS NetMan 208
CVE-2025-68916

9.1CRITICAL

Key Information:

Vendor: Riello
Status: Netman
Vendor: CVE Published:; 24 December 2025

What is CVE-2025-68916?

The Riello UPS NetMan 208 application prior to version 1.12 is vulnerable to directory traversal. This vulnerability allows attackers to exploit the cgi-bin/certsupload.cgi endpoint, enabling unauthorized file uploads. Successful exploitation can result in remote code execution, leading to potential compromise of the UPS management system. Proper validation and sanitization measures are crucial to mitigate this risk.

Affected Version(s)

NetMan 208 < 208 1.12

References

https://github.com/gerico-lab/riello-multiple-vulnerabili...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2025
Vulnerability Reserved
Dec 24, 2025

JSON