CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.702

EPSS Ranking 98.6%

CVSS Severity

CVSS v3 Score 7.2

Proposed Action

Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.

Ransomware Campaign

Unknown

References

https://www.outputmessenger.com/cve-2025-27920/
https://www.srimax.com/products-2/output-messenger/
https://www.microsoft.com/en-us/security/blog/2025/05/12/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage/

Products affected by CVE-2025-27920

Srimax » Output Messenger » Version: Any

cpe:2.3:a:srimax:output_messenger:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-27920

Products

Pricing

Contact Us