What is the severity of CVE-2025-0630?

CVE-2025-0630 is considered a high-severity vulnerability due to its potential for local file inclusion exploits that can compromise device security.

How do I fix CVE-2025-0630?

To fix CVE-2025-0630, update the firmware of Western Telematic NPS, DSM, or CPM series products to versions later than 6.62.

What products are affected by CVE-2025-0630?

CVE-2025-0630 affects Western Telematic NPS, DSM, and CPM series products with firmware versions 6.62 and prior.

Can authenticated users exploit CVE-2025-0630?

Yes, any authenticated user can exploit CVE-2025-0630 to access privileged files on the device's filesystem.

Is CVE-2025-0630 a network-based vulnerability?

No, CVE-2025-0630 is a local file inclusion vulnerability, requiring authenticated access to exploit.

Vulnerability/
CVE-2025-0630

medium

6.5

CWE

4/2/2025

CVE-2025-0630: Western Telematic Inc NPS Series, DSM Series, CPM Series External Control of File Name or Path

First published: Tue Feb 04 2025(Updated: )

Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a local file inclusion attack (LFI), where any authenticated user has privileged access to files on the device's filesystem.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Western Telematic Inc Network Power Switch (NPS Series)
Western Telematic Inc Network Power Switch (NPS Series)
Western Telematic Inc Network Power Switch (NPS Series)
Western Telematic Inc Network Power Switch (NPS Series)
Western Telematic Inc Console Server (DSM Series)
Western Telematic Inc Console Server + PDU Combo Unit (CPM Series)

Remedy

Western Telematic Inc reports this issue was discovered and patched in 2020. Western Telematic Inc recommends users follow best practices and update to the latest version. * For DSM/CPM units: Update to 8.06 https://ftp.wti.com/pub/TechSupport/Firmware_ARM/ * For NPS units: Update 4.02 https://ftp.wti.com/pub/TechSupport/Firmware_ARM/ * Ensure the default passwords are changed prior to deployment

Never miss a vulnerability like this again

Reference Links

https://www.cisa.gov/news-events/ics-advisories/icsa-25-035-01 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

ICSA-25-035-01

Frequently Asked Questions

What is the severity of CVE-2025-0630?
CVE-2025-0630 is considered a high-severity vulnerability due to its potential for local file inclusion exploits that can compromise device security.
How do I fix CVE-2025-0630?
To fix CVE-2025-0630, update the firmware of Western Telematic NPS, DSM, or CPM series products to versions later than 6.62.
What products are affected by CVE-2025-0630?
CVE-2025-0630 affects Western Telematic NPS, DSM, and CPM series products with firmware versions 6.62 and prior.
Can authenticated users exploit CVE-2025-0630?
Yes, any authenticated user can exploit CVE-2025-0630 to access privileged files on the device's filesystem.
Is CVE-2025-0630 a network-based vulnerability?
No, CVE-2025-0630 is a local file inclusion vulnerability, requiring authenticated access to exploit.

collector/mitre-cve
source/MITRE
agent/weakness
agent/remedy
agent/title
agent/references
agent/type
agent/first-publish-date
agent/description
collector/ics-cert-advisory
source/ICS
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/guess-ai
agent/softwarecombine
collector/nvd-api
source/NVD
agent/severity
agent/last-modified-date
agent/source
agent/tags
agent/author
agent/event
vendor/: western telematic inc
canonical/western telematic inc network power switch (nps series)
canonical/western telematic inc console server (dsm series)
canonical/western telematic inc console server + pdu combo unit (cpm series)
vendor/western telematic