Nozomi Networks Guardian and CMC Path Traversal Vulnerability in Import Arc Data Archive Functionality

Vulnerability

A path traversal vulnerability exists in the Import Arc data archive feature of Nozomi Networks Guardian and CMC versions prior to 25.5.0. This vulnerability arises from inadequate validation of input files, allowing authenticated users with limited privileges to upload specially crafted Arc data archives. Exploitation of this vulnerability could lead to the unauthorized writing of files in arbitrary locations, potentially altering device configurations or disrupting availability.

Impact

Successful exploitation allows files to be written to arbitrary locations, which can modify device configurations or impact availability.

Remediation

Users are advised to upgrade to version 25.5.0 or later. Nozomi customers should also review and manage accounts with access to the web management interface.

Added: Dec 18, 2025, 2:18 PM
Updated: Dec 18, 2025, 3:09 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 5.0
exploitability: 4.9
remediation: 7.9
relevance: 1.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.