CVE-2025-53079 - Vulnerability Details - OpenCVE

Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Samsung	Data Management Server Data Management Server Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:samsung:data_management_server_firmware::::::::
	cpe:2.3:o:samsung:data_management_server_firmware::::::::
	cpe:2.3:o:samsung:data_management_server_firmware::::::::

cpe:2.3:h:samsung:data_management_server:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security.samsungda.com/securityUpdates.html

History

Mon, 11 Aug 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Samsung data Management Server Firmware
CPEs		cpe:2.3:h:samsung:data_management_server:-:::::::* cpe:2.3:o:samsung:data_management_server_firmware::::::::
Vendors & Products		Samsung data Management Server Firmware

Wed, 30 Jul 2025 06:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Samsung Samsung data Management Server
Vendors & Products		Samsung Samsung data Management Server

Tue, 29 Jul 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 29 Jul 2025 05:15:00 +0000

Type	Values Removed	Values Added
Description		Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
Weaknesses		CWE-36
References		https://security.samsungda.com/securityUpdates.html
Metrics		cvssV3_1 `{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: samsung.tv_appliance

Published: 2025-07-29T05:04:48.482Z

Updated: 2025-07-29T14:51:16.460Z

Reserved: 2025-06-24T23:17:22.556Z

Link: CVE-2025-53079

Vulnrichment

Updated: 2025-07-29T14:50:02.220Z

NVD

Status : Analyzed

Published: 2025-07-29T05:15:31.980

Modified: 2025-08-11T19:06:08.773

Link: CVE-2025-53079

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53079", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "state": "PUBLISHED", "assignerShortName": "samsung.tv_appliance", "dateReserved": "2025-06-24T23:17:22.556Z", "datePublished": "2025-07-29T05:04:48.482Z", "dateUpdated": "2025-07-29T14:51:16.460Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Data Management Server", "vendor": "Samsung Electronics", "versions": [{"lessThan": "2.3.13.1", "status": "affected", "version": "2.0.0", "versionType": "custom"}, {"lessThan": "2.6.14.1", "status": "affected", "version": "2.5.0.17", "versionType": "custom"}, {"lessThan": "2.9.3.6", "status": "affected", "version": "2.7.0.15", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Noam Moshe of Claroty Team82"}], "datePublic": "2025-07-29T03:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files"}], "value": "Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-36", "description": "CWE-36 Absolute Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2025-07-29T05:04:48.482Z"}, "references": [{"url": "https://security.samsungda.com/securityUpdates.html"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-29T14:49:55.925035Z", "id": "CVE-2025-53079", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T14:51:16.460Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53079", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-29T14:49:55.925035Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-29T14:50:02.220Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Noam Moshe of Claroty Team82"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Samsung Electronics", "product": "Data Management Server", "versions": [{"status": "affected", "version": "2.0.0", "lessThan": "2.3.13.1", "versionType": "custom"}, {"status": "affected", "version": "2.5.0.17", "lessThan": "2.6.14.1", "versionType": "custom"}, {"status": "affected", "version": "2.7.0.15", "lessThan": "2.9.3.6", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2025-07-29T03:00:00.000Z", "references": [{"url": "https://security.samsungda.com/securityUpdates.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files", "supportingMedia": [{"type": "text/html", "value": "Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-36", "description": "CWE-36 Absolute Path Traversal"}]}], "providerMetadata": {"orgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "shortName": "samsung.tv_appliance", "dateUpdated": "2025-07-29T05:04:48.482Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53079", "state": "PUBLISHED", "dateUpdated": "2025-07-29T14:51:16.460Z", "dateReserved": "2025-06-24T23:17:22.556Z", "assignerOrgId": "ca193ba2-0cff-4e34-b04e-1ea07103c6fe", "datePublished": "2025-07-29T05:04:48.482Z", "assignerShortName": "samsung.tv_appliance"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "620C0889-6BB6-477F-BBB3-F23A81F81254", "versionEndExcluding": "2.3.13.1", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2362518-8040-4FFD-9567-DC22015DD7EB", "versionEndExcluding": "2.6.14.1", "versionStartIncluding": "2.5.0.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:data_management_server_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "51C84E33-C218-4A9A-B0F0-3B4DA1E90AA5", "versionEndExcluding": "2.9.3.6", "versionStartIncluding": "2.7.0.15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:data_management_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFF4DB9B-396F-428D-BCDD-F2DE7AF45884", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files"}, {"lang": "es", "value": "Path Traversal absoluto en Samsung DMS(Data Management Server) permite que un atacante autenticado (administrador) lea archivos confidenciales"}], "id": "CVE-2025-53079", "lastModified": "2025-08-11T19:06:08.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "PSIRT@samsung.com", "type": "Secondary"}]}, "published": "2025-07-29T05:15:31.980", "references": [{"source": "PSIRT@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungda.com/securityUpdates.html"}], "sourceIdentifier": "PSIRT@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-36"}], "source": "PSIRT@samsung.com", "type": "Secondary"}]}