What is CVE-2025-27920?

A high-severity directory traversal vulnerability exists in Srimax Output Messenger versions prior to 2.0.63. Attackers may exploit this flaw to access sensitive files, posing significant risks to organizations. Immediate action is required to mitigate potential impacts.

What is the severity of CVE-2025-27920?

CVE-2025-27920 has a severity rating of HIGH with a CVSS base score of 7.2.

Is CVE-2025-27920 in CISA KEV?

Yes. CVE-2025-27920 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2025-27920 | High Vulnerability in Srimax Output Messenger

This vulnerability allows a directory traversal attack due to improper file path handling in Srimax Output Messenger before version 2.0.63. Attackers can exploit this flaw by using '../' sequences in parameters to access sensitive files outside the intended directory. This could lead to configuration leakage or arbitrary file access, which is a high-severity risk for affected organizations.

The CVSS score for this vulnerability is 7.2, classifying it as high severity. This score indicates a significant risk, particularly because successful exploitation can lead to unauthorized access to sensitive information. Given the potential impact, organizations should be aware of the urgency to address this vulnerability.

As of now, no public exploit has been confirmed. However, the fact that this vulnerability is included in the Known Exploited Vulnerabilities (KEV) catalog suggests that it is actively being targeted in the wild. Therefore, organizations should prioritize patching immediately.

Organizations using Srimax Output Messenger must take immediate action to mitigate risks associated with this vulnerability by applying the necessary updates or patches provided by the vendor.

Vulnerability Details

The vulnerability is classified as a directory traversal issue, with the official description stating that 'Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling.' The CVSS score from NVD is 8.8, indicating a high severity level with potential impacts on confidentiality, integrity, and availability.

The affected product is Srimax Output Messenger, with the vulnerability disclosed on May 5, 2025. The Common Weakness Enumeration (CWE) classification for this vulnerability is CWE-24.

Technical Analysis

The root cause of this vulnerability stems from inadequate validation of file paths, allowing attackers to manipulate file access. The attack vector is network-based, meaning exploitation requires no physical access to the system. The complexity of the attack is low, and no privileges are required for exploitation, making this vulnerability particularly dangerous.

User interaction is not required for the attack, which increases the risk as it can be executed without any action from victims. The impacts on confidentiality and integrity are categorized as low, while availability is not affected.

Risk & Impact Analysis

The real-world deployment risk of this vulnerability is significant, as it allows unauthorized access to sensitive files, potentially leading to data breaches and loss of confidentiality. Organizations must assess their exposure to this vulnerability, particularly if they are using versions of Output Messenger prior to 2.0.63.

The urgency for organizations is high, given the active exploitation status and the inclusion of this CVE in the KEV catalog. Organizations should address this vulnerability in their priority patch cycle to mitigate potential impacts.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

All versions of Output Messenger prior to 2.0.63 are affected by this vulnerability. Organizations should ensure they upgrade to the latest version to mitigate risks.

Mitigation & Remediation

To mitigate this vulnerability, organizations should apply the latest patches provided by the vendor. If patches are not immediately available, organizations should consider implementing workarounds such as restricting access to sensitive directories and monitoring for unusual file access attempts.

For more robust security, organizations may also want to consider engaging in penetration testing to assess their security posture.

Detection Guidance

Organizations should monitor logs for indicators of directory traversal attempts, including unusual file access patterns. Behavioral anomalies, such as unexpected changes to configuration files, should also be investigated promptly.

AppSecure Threat Intelligence Insight

This vulnerability highlights the ongoing risks associated with improper file handling and directory traversal attacks. Organizations must remain vigilant and implement robust security measures to mitigate these risks effectively. For further insights, organizations can refer to our resources on vulnerability management programs and penetration testing methodologies to strengthen their defenses against similar threats.

Additionally, organizations should consider reviewing their cloud penetration testing approaches to ensure comprehensive security measures are in place.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-27920: High Vulnerability in Srimax Output Messenger