CVE-2025-12003Path Traversal in Router

CWE-22Path TraversalCWE-306Missing Authentication for Critical Function3 documents3 sources
Severity
8.2HIGHNVD
EPSS
0.4%
top 37.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Asus Router
Timeline
PublishedNov 25

Description

A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device. Refer to the ' Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5asus/router3.0.0.4_386, 3.0.0.4_388, 3.0.0.6_102+2

🔴Vulnerability Details

2
CVEList
CVE-2025-12003: A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device2025-11-25
GHSA
GHSA-52q6-pxh7-fpmg: A path traversal vulnerability has been identified in WebDAV, which may allow unauthenticated remote attackers to impact the integrity of the device2025-11-25
CVE-2025-12003 — Path Traversal in Asus Router | cvebase