CVE-2024-26291
Published 2025-07-14
Priority: P2 (60) · Severity: high · CVSS 4.0 score: 8.7
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N (all threat, environmental and supplemental metrics are X, not defined)
EXPLOIT
EPSS: 1.08% (61.0th percentile)
An Unauthenticated Arbitrary File Read vulnerability affects the Agent when installed on a system. The `filename` parameter does not validate the path, thus allowing users to read arbitrary files. As the application runs with the highest privileges (root/NT_AUTHORITY SYSTEM) by default, attackers are able to obtain sensitive information.
This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| avid | avid_nexis_e-series | < 2025.5.1 | 2025.5.1 |
| avid | avid_nexis_f-series | < 2025.5.1 | 2025.5.1 |
| avid | avid_nexis_pro | < 2025.5.1 | 2025.5.1 |
| avid | system_director_appliance | < 2025.5.1 | 2025.5.1 |
Detection & IOCs
- Look for HTTP requests to the /logs endpoint with a filename parameter containing path traversal sequences (e.g., %2F, %5C, ../); this is the vulnerable parameter enabling arbitrary file read.
- Responses from the vulnerable Avid NEXIS Agent will include the 'gSOAP' string in the HTTP response header; use this to fingerprint the service.
- Use FOFA or similar asset discovery with the query body="Avid Nexis" to identify exposed Avid NEXIS Agent instances on the internet.
- No authentication is required to exploit this vulnerability: any unauthenticated GET request to /logs?filename= with an arbitrary path is sufficient.
- The vulnerability affects Avid NEXIS Agent running as root (Linux) or NT_AUTHORITY SYSTEM (Windows) by default, meaning file reads are not restricted by OS-level permissions.
- All affected product lines (E-series, F-series, PRO+, SDA+) share the same vulnerable Agent component and endpoint, so detections should not be scoped to a single product variant.
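An added example, not from the original page or the Nuclei template: a Python log scanner implementing the first indicator above, including double-encoded separators. It assumes combined-format access log lines from a proxy or sensor in front of the Agent and that legitimate `filename` values are bare file names; the sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double encoding such as %252F is unwrapped."""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value


def suspicious_filename(target):
    """Return the decoded filename if a /logs request carries a path, else None."""
    parts = urlsplit(target)
    if parts.path.rstrip("/").lower() != "/logs":
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("filename", []):
        name = fully_decode(raw)
        # Assumption: a legitimate value is a bare file name without separators.
        if "/" in name or "\\" in name or ".." in name or re.match(r"[A-Za-z]:", name):
            return name
    return None


def scan(lines):
    """Return [(client_ip, decoded_filename)] for every flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        name = suspicious_filename(m.group("target")) if m else None
        if name is not None:
            hits.append((line.split(" ", 1)[0], name))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [14/Jul/2025:10:00:01 +0000] "GET /logs?filename=agent.log HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Jul/2025:10:00:05 +0000] "GET /logs?filename=..%2F..%2Fetc%2Fhostname HTTP/1.1" 200 12',
    '198.51.100.7 - - [14/Jul/2025:10:00:06 +0000] "GET /logs?filename=..%255C..%255Cwindows%255Cwin.ini HTTP/1.1" 200 92',
]

if __name__ == "__main__":
    for ip, name in scan(SAMPLE):
        print(f"ALERT {ip} filename={name!r}")
```

Because the request needs no authentication, alert on every match regardless of whether the log shows a session or user field.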
No detection rules found.
Nuclei
CVE-2024-26291 [HIGH] Avid NEXIS Agent - Arbitrary File Read
Avid NEXIS E-series, F-series, PRO+, and System Director Appliance (SDA+) before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files. Exploitation requires no authentication.
Template:
```yaml
id: CVE-2024-26291

info:
  name: Avid NEXIS Agent - Arbitrary File Read
  author: DhiyaneshDK
  severity: high
  description: |
    Avid NEXIS E-series, F-series, PRO+, and System Director Appliance (SDA+) before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can read sensitive
```
No writeups or analysis indexed.