CVE-2025-4634

MEDIUM Year: 2025
CVSS v3 Score
4.1
Medium
Weakness Type
CWE-552
View all →

Vulnerability Description

The web portal on airpointer 2.4.107-2 was vulnerable local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to view files on the filesystem

Related Vulnerabilities

CVE-2019-4398

MEDIUM
CVSS:4.0(Medium)

IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-...

CWE-5522019

CVE-2023-2538

MEDIUM
CVSS:4.2(Medium)

A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS...

CWE-5522023

CVE-2017-1602

MEDIUM
CVSS:4.3(Medium)

IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to access settings that they should not be able to using a specially crafted URL. IBM X-Force...

CWE-5522017

CVE-2019-17112

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed service allows a basic user ("Operator" access level) to access the configuration file of the mail server (...

CWE-5522019

CVE-2021-20148

MEDIUM
CVSS:4.3(Medium)

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured...

CWE-5522021

CVE-2021-22769

MEDIUM
CVSS:4.3(Medium)

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an atta...

CWE-5522021