CVE-2025-20665

MEDIUM Year: 2025
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-538
View all →

Vulnerability Description

In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.

Related Vulnerabilities

CVE-2021-3709

MEDIUM
CVSS:5.5(Medium)

Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior t...

CWE-5382021

CVE-2022-0013

MEDIUM
CVSS:5.5(Medium)

A file information exposure vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker to read the contents of arbitrary files on the system with elevated privileges...

CWE-5382022

CVE-2023-38558

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application lea...

CWE-5382023

CVE-2023-4480

MEDIUM
CVSS:5.5(Medium)

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the...

CWE-5382023

CVE-2017-9947

MEDIUM
CVSS:5.3(Medium)

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with netwo...

CWE-5382017

CVE-2021-32822

MEDIUM
CVSS:5.3(Medium)

The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulner...

CWE-5382021