CVE-2025-53080
Published 2025-07-29
Priority: P3 (42) · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.33% (24.7th percentile)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS (Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | data_management_server_firmware | >= 2.0.0 < 2.3.13.1 | 2.3.13.1 |
| samsung | data_management_server_firmware | >= 2.5.0.17 < 2.6.14.1 | 2.6.14.1 |
| samsung | data_management_server_firmware | >= 2.7.0.15 < 2.9.3.6 | 2.9.3.6 |
| samsung_electronics | data_management_server | >= 2.0.0 < 2.3.13.1 | 2.3.13.1 |
| samsung_electronics | data_management_server | >= 2.5.0.17 < 2.6.14.1 | 2.6.14.1 |
| samsung_electronics | data_management_server | >= 2.7.0.15 < 2.9.3.6 | 2.9.3.6 |
GHSA
ghsa_unreviewed·2025-07-29
CVE-2025-53080 [HIGH] CWE-22 GHSA-r2jv-9p2f-wjmj: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers t
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS (Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem.
CISA ICS
Samsung HVAC DMS
cisa_ics·2025-07-29·CVSS 6.5
[MEDIUM] Samsung HVAC DMS
ICS Advisory
## Samsung HVAC DMS
Release Date: July 29, 2025
Alert Code: ICSA-25-210-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v4 7.5
- ATTENTION: Exploitable remotely
- Vendor: Samsung
- Equipment: HVAC DMS
- Vulnerabilities: Execution After Redirect (EAR), Deserialization of Untrusted Data, Absolute Path Traversal, Use of Potentially Dangerous Function, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Relative Path Traversal
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities can lead to unauthenticated remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Samsung HVAC DMS,
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-07-29