CVE-2025-4377: Path traversal vulnerability in Sparx Pro Cloud Server WebEA webconfig in logview.php
First published: Fri May 09 2025(Updated: )
Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server. This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. Logview is accessible on Pro Cloud Server Configuration interface. This issue affects Pro Cloud Server: earlier than 6.0.165.
Credit: db4dfee8-a97e-4877-bfae-eba6d14a2166
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sparx Systems Pro Cloud Server | <6.0.165 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4377?
CVE-2025-4377 has a critical severity rating due to its ability to allow unauthorized access to filesystem data.
How do I fix CVE-2025-4377?
To mitigate CVE-2025-4377, update your Sparx Systems Pro Cloud Server to version 6.0.165 or later.
Who is affected by CVE-2025-4377?
CVE-2025-4377 affects users of Sparx Systems Pro Cloud Server versions prior to 6.0.165.
What causes CVE-2025-4377?
CVE-2025-4377 is caused by improper limitation of a pathname leading to a path traversal vulnerability.
What is the impact of CVE-2025-4377?
The impact of CVE-2025-4377 is the potential exposure of arbitrary files from the filesystem to unauthorized users.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/type
- agent/references
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/sparx systems
- canonical/sparx systems pro cloud server