Welotec: Path Traversal in SmartEMS Upload Handling

VDE-2025-085
Last update
09/22/2025 10:00
Published at
09/10/2025 09:00
Vendor(s)
Welotec GmbH
External ID
VDE-2025-085
Summary

A path traversal flaw in the SmartEMS upload handling allows authenticated users to direct upload data outside of the intended directory via the 'Upload-Key' header. In deployments where writable, code-interpreted paths are reachable, this may lead to remote code execution.

Impact

An authenticated attacker with network access to the SmartEMS Web UI can write outside the intended upload directory, overwrite or place files in sensitive locations, escalate to remote code execution depending on filesystem permissions and execution context, and access or modify sensitive data.

Affected Product(s)

Model no.         Product name               Affected versions
Welotec Software  SmartEMS Web Application   <v3.3.6

Vulnerabilities

Published
09/22/2025 14:57
Weakness
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Summary

The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write and may be leveraged to achieve remote code execution.
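The root cause described above is a client-controlled header value flowing into a filesystem path without confinement to the upload directory. The following is an added illustration of the check a server-side upload handler needs; it is not Welotec's code and says nothing about how SmartEMS is implemented. The upload root, the key character set, and the sample header values are constructed assumptions. Two independent controls are applied so that a gap in one does not open the other: an allow-list on the key's characters, and a confinement check on the normalised absolute path.

```python
import re
from pathlib import Path
from typing import Optional

# Hypothetical upload root; a real deployment's path is not given in the advisory.
UPLOAD_ROOT = Path("/var/lib/example-ems/uploads")

# Allow-list for the client-supplied key. No separators, no dots, bounded length:
# this rejects traversal sequences before any path is built. Apply it to the
# value *after* the web framework has finished any percent-decoding.
_KEY_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def is_confined(root: Path, candidate: Path) -> bool:
    """True if candidate, after resolving '..' and symlinks, lies under root."""
    root_abs = root.resolve()
    cand_abs = candidate.resolve()
    return cand_abs == root_abs or root_abs in cand_abs.parents


def resolve_upload_path(upload_key: str, root: Path = UPLOAD_ROOT) -> Optional[Path]:
    """Map an Upload-Key header value to a storage path, or None to reject it.

    Rejection is the only failure mode: a key that does not pass both checks
    produces no filesystem activity at all.
    """
    if not _KEY_RE.fullmatch(upload_key):
        return None
    candidate = root / upload_key
    if not is_confined(root, candidate):
        return None
    return candidate.resolve()


def classify_keys(keys) -> dict:
    """Helper for audits and tests: label each constructed key accepted/rejected."""
    return {k: ("accepted" if resolve_upload_path(k) else "rejected") for k in keys}


if __name__ == "__main__":
    # Constructed sample header values, including malformed ones a handler must refuse.
    samples = [
        "firmware-2025-09",
        "report_01",
        "../../etc/cron.d/job",   # classic traversal: rejected by the allow-list
        "..%2F..%2Fetc%2Fpasswd", # encoded traversal: '%' and '.' are not allowed
        "a/../../b",              # traversal hidden inside an otherwise plain name
        "",                       # empty key: rejected by the length bound
    ]
    for key, verdict in classify_keys(samples).items():
        print(f"{verdict:9} {key!r}")
```

The confinement check is deliberately kept even though the allow-list already excludes every traversal character; a later relaxation of the key format (for example to permit dots) then still cannot escape the upload root, and the check is what a reviewer should look for when assessing an upload handler of this kind.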

References

Revision History

Version  Date              Summary
1.0.0    09/10/2025 09:00  Initial revision.
1.0.1    09/22/2025 10:00  Changes impact note category from details to description.