What is CVE-2025-27092?

CVE-2025-27092 is a high-severity path traversal vulnerability in CMU GHOSTS, which allows attackers to read arbitrary files from the server. Immediate patching is necessary to mitigate risks.

What is the severity of CVE-2025-27092?

CVE-2025-27092 has a severity rating of HIGH with a CVSS base score of 8.7.

CVE-2025-27092 | High Vulnerability in CMU GHOSTS

GHOSTS is an open-source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint. The vulnerability exists in the /api/npcs/{id}/photo endpoint, which is designed to serve profile photos for NPCs (Non-Player Characters) but fails to properly validate and sanitize file paths.

When an NPC is created with a specially crafted photoLink value containing path traversal sequences (../, ..\, etc.), the application processes these sequences without proper sanitization. This allows an attacker to traverse directory structures and access files outside of the intended photo directory, potentially exposing sensitive system files. The vulnerability is particularly severe because it allows reading arbitrary files from the server's filesystem with the permissions of the web application process, which could include configuration files, credentials, or other sensitive data.

This issue has been addressed in version 8.2.7.90, and all users are advised to upgrade. There are no known workarounds for this vulnerability.

With a CVSS score of 8.7, this vulnerability is classified as high severity, necessitating immediate action from organizations that utilize GHOSTS.

Vulnerability Details

The vulnerability allows attackers to exploit the path traversal flaw in GHOSTS, which is detailed in the official CVE description. The vulnerability type is classified as path traversal, which falls under CWE-22. The CVSS score of 8.7 indicates a high severity level, and the affected product is the CMU GHOSTS framework.

Technical Analysis

The root cause of the vulnerability is the lack of proper validation and sanitization of file paths in the photo retrieval endpoint. Attackers may exploit this flaw by sending specially crafted requests that include path traversal sequences, allowing them to read arbitrary files from the server’s filesystem.

The attack vector is network-based, with low attack complexity and no privileges required. User interaction is not necessary for exploitation. Confidentiality impact is high, while integrity and availability impacts are none.

Risk & Impact Analysis

Risk to organizations includes exposure of sensitive data, such as configuration files and credentials, which can lead to unauthorized access or further compromise of the system. The blast radius could be significant, depending on the permissions of the web application process. Given the high CVSS score, organizations should prioritize patching immediately.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version of GHOSTS is 8.0.0.0 up to, but not including, 8.2.7.90. All users are advised to upgrade to the latest version to mitigate this vulnerability.

Mitigation & Remediation

Users should upgrade to GHOSTS version 8.2.7.90 or later. Organizations may also implement configuration hardening and network controls to restrict access to the API endpoints. For further guidance, organizations should consider penetration testing to assess their security posture.

Detection Guidance

Monitoring for unusual access patterns to the /api/npcs/{id}/photo endpoint should be prioritized. Log indicators of potential exploitation include failed access attempts to sensitive files and unusual request patterns. Additionally, organizations should review system changes that could correlate with unauthorized access.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its potential for exploitation and the exposure of sensitive data. Security teams must learn from this incident and ensure that proper validation and sanitization are implemented across all file handling functionalities. Organizations should continually assess their security posture and invest in penetration testing methodologies to identify and remediate similar vulnerabilities proactively.

This vulnerability exemplifies the need for a robust vulnerability management program, which includes timely updates and security assessments. Implementing a vulnerability management program helps organizations mitigate risks associated with similar vulnerabilities.

Security teams should also consider API penetration testing to identify weaknesses in their APIs and prevent potential data breaches.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-27092: High Vulnerability in CMU GHOSTS