Platform: other
Component: onlinesuite
Fixed in: 3.0.1
CVE-2025-3365 is a critical Path Traversal vulnerability affecting OnlineSuite version 3.0. This flaw allows unauthorized access to any file on the server, potentially exposing sensitive data and system configurations. The vulnerability was published on 2025-06-06, and a patch is available in version 3.0.1.
The impact of this Path Traversal vulnerability is severe. An attacker can leverage it to read arbitrary files from the server's file system. This includes potentially accessing configuration files containing database credentials, source code, or other sensitive information. Successful exploitation could lead to complete system compromise, data breaches, and denial of service. The ability to read any file significantly expands the attack surface and increases the potential for data exfiltration.
CVE-2025-3365 has been published and is considered critical due to the potential for widespread data exposure. Public proof-of-concept exploits are not yet available, but the ease of exploitation inherent in Path Traversal vulnerabilities suggests a high likelihood of exploitation if left unpatched. The vulnerability has not been added to the CISA KEV catalog as of this writing.
EPSS: 0.19% (41st percentile)
The primary mitigation for CVE-2025-3365 is to immediately upgrade OnlineSuite to version 3.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting file access permissions and implementing strict input validation on any file paths used by the application. Web Application Firewalls (WAFs) configured with rules to block path traversal attempts (e.g., filtering for '../' sequences) can provide an additional layer of defense. After upgrading, confirm the fix by attempting to access a known sensitive file via a path traversal request; it should be denied.
Update OnlineSuite to a version that fixes the path traversal vulnerability. Consult the vendor's website (B. Braun Melsungen AG) for the latest version and update instructions. Apply the security measures recommended by the vendor to mitigate the risk of unauthorized file access.
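As an added illustration (not code from OnlineSuite or its vendor), the sketch below contrasts a '../' substring filter with the stricter form of input validation: canonicalize the requested path and verify it stays under the allowed directory. The function names, directory layout and sample paths are assumptions constructed for the example.

```python
import tempfile
from pathlib import Path

# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    "reports/q1.txt",             # ordinary request
    "../secret.cfg",              # relative escape
    "/etc/hostname",              # absolute path, contains no '../'
    "reports/../reports/q1.txt",  # harmless, but contains '../'
]


def naive_filter_allows(user_path: str) -> bool:
    """Substring test of the kind a '../' blocklist rule performs."""
    return "../" not in user_path


def resolve_inside(base_dir, user_path: str) -> Path:
    """Return the canonical path, or raise if it falls outside base_dir."""
    base = Path(base_dir).resolve()
    # resolve() collapses '..' and follows symlinks, so the test runs on the
    # path the OS would open; an absolute user_path replaces base in the join.
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PermissionError(f"outside {base}: {user_path!r}") from None
    return candidate


def compare(samples=SAMPLES) -> dict:
    """Map each sample to (filter_allows, containment_allows)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = Path(root, "files")  # hypothetical document root
        (base / "reports").mkdir(parents=True)
        (base / "reports" / "q1.txt").write_text("ok")
        Path(root, "secret.cfg").write_text("constructed")
        for p in samples:
            try:
                contained = bool(resolve_inside(base, p))
            except PermissionError:
                contained = False
            results[p] = (naive_filter_allows(p), contained)
    return results


if __name__ == "__main__":
    print(compare())
```

The two checks disagree on the last two samples: the substring filter passes a path that leaves the directory and rejects one that does not, which is why such filtering is only an additional layer and not a substitute for the upgrade.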
CVE-2025-3365 is a critical vulnerability allowing attackers to access any file on the server running OnlineSuite version 3.0.
Yes, if you are running OnlineSuite version 3.0, you are affected by this vulnerability and should upgrade immediately.
Upgrade to version 3.0.1 or later to resolve the vulnerability. Consider temporary workarounds like restricting file access if immediate upgrade isn't possible.
While no active exploitation has been confirmed, the ease of exploitation suggests a high likelihood if left unpatched.
Refer to the OnlineSuite official website or security advisory page for the latest information and updates regarding CVE-2025-3365.