Avid NEXIS E-Series, F-Series, and PRO+ Authenticated Arbitrary File Deletion Vulnerability

A vulnerability allowing authenticated users to delete arbitrary files has been identified in Avid NEXIS E-series, F-series, and PRO+ versions prior to 2025.5.1. This vulnerability arises because the application, which runs with high privileges, does not properly validate file deletion requests, enabling the removal of critical files such as '/etc/shadow' on Linux or equivalent files on Windows.

Impact

Exploitation of this vulnerability allows for authenticated users to delete critical system files, potentially leading to severe disruption of the application's functionality or system stability.

Reproduction

The vulnerability can be reproduced by sending a GET request to the '/agent' endpoint with the 'filename' parameter set to the path of the file to be deleted, such as '/etc/passwd' or a similar critical file on Windows. The request must also include the appropriate cookies for authentication.

Remediation

Users are advised to restrict access to the Avid NEXIS Web Agent port (default 5015) using a firewall allowlist approach.