Platform: other
Component: onlinesuite
Fixed in: 3.0.1
CVE-2025-3365 is a critical Path Traversal vulnerability affecting OnlineSuite versions 3.0 through 3.0. This flaw allows unauthorized access to any file on the server, potentially exposing sensitive data and system configurations. The vulnerability was published on 2025-06-06, and a patch is available in version 3.0.1.
The impact of this Path Traversal vulnerability is severe. An attacker can leverage it to read arbitrary files from the server's file system. This includes potentially accessing configuration files containing database credentials, source code, or other sensitive information. Successful exploitation could lead to complete system compromise, data breaches, and denial of service. The ability to read any file significantly expands the attack surface and increases the potential for data exfiltration.
CVE-2025-3365 has been published and is considered critical due to the potential for widespread data exposure. Public proof-of-concept exploits are not yet available, but the ease of exploitation inherent in Path Traversal vulnerabilities suggests a high likelihood of exploitation if left unpatched. The vulnerability has not been added to the CISA KEV catalog as of this writing.
Organizations using OnlineSuite version 3.0 are at immediate risk. This includes deployments where OnlineSuite is used to process user-uploaded files or handle sensitive data. Shared hosting environments utilizing OnlineSuite are particularly vulnerable due to the potential for cross-tenant exploitation.
disclosure
Exploit Status
EPSS: 0.19% (41st percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-3365 is to immediately upgrade OnlineSuite to version 3.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting file access permissions and implementing strict input validation on any file paths used by the application. Web Application Firewalls (WAFs) configured with rules to block path traversal attempts (e.g., filtering for '../' sequences) can provide an additional layer of defense. After upgrading, confirm the fix by attempting to access a known sensitive file via a path traversal request; it should be denied.
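The two workarounds above (strict validation of file paths, and watching for traversal requests) are shown here as an added example; this is not OnlineSuite code, and the web root, function names and access-log lines are constructed assumptions. Rather than scanning the raw string for `../`, the guard canonicalises the joined path and checks that the result stays under the root, so the same rule also covers encoded or absolute variants of the request.

```python
"""Canonical-path guard and log check for path traversal (added example, not
OnlineSuite code). Names, the web root and the log lines are assumptions."""
import os
import re
from typing import List, Optional
from urllib.parse import unquote


def resolve_within_root(root: str, user_path: str) -> Optional[str]:
    """Return the absolute path to serve, or None if it escapes `root`.

    Instead of hunting for '../' in the raw string, decode, join and
    canonicalise, then verify the *result* lies under the root: the same
    rule then covers encoded, doubled or absolute forms of the request.
    """
    root_abs = os.path.realpath(root)
    decoded = unquote(unquote(user_path))  # decode twice: a proxy may decode once
    if "\x00" in decoded:                  # NUL truncates paths in C runtimes
        return None
    # os.path.join discards root for an absolute user path; realpath then
    # resolves '..' and symlinks, so the prefix test below is the real check.
    candidate = os.path.realpath(os.path.join(root_abs, decoded))
    if candidate != root_abs and not candidate.startswith(root_abs + os.sep):
        return None
    return candidate


# Constructed access-log lines (not real OnlineSuite output).
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /files/report.pdf HTTP/1.1" 200',
    '10.0.0.9 - - "GET /files/../../etc/passwd HTTP/1.1" 200',
    '10.0.0.9 - - "GET /files/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403',
    '10.0.0.7 - - "GET /files/reports/2025/q1.pdf HTTP/1.1" 200',
]


def flag_traversal(log_lines: List[str], root: str = "/srv/onlinesuite/files",
                   prefix: str = "/files/") -> List[str]:
    """Return the request paths under `prefix` that resolve outside `root`."""
    flagged = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if not m or not m.group(1).startswith(prefix):
            continue
        url = m.group(1)
        if resolve_within_root(root, url[len(prefix):]) is None:
            flagged.append(url)
    return flagged
```

Running `flag_traversal(SAMPLE_LOG)` over a real access log after the upgrade gives a quick list of requests to re-check against the patched instance.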
Update OnlineSuite to a version that fixes the path traversal vulnerability. Consult the vendor's website (B. Braun Melsungen AG) for the latest version and update instructions. Apply the security measures recommended by the vendor to limit the risk of unauthorized file access.
CVE-2025-3365 is a critical vulnerability allowing attackers to access any file on the server running OnlineSuite versions 3.0–3.0.
Yes, if you are running OnlineSuite version 3.0, you are affected by this vulnerability and should upgrade immediately.
Upgrade to version 3.0.1 or later to resolve the vulnerability. Consider temporary workarounds like restricting file access if immediate upgrade isn't possible.
While no active exploitation has been confirmed, the ease of exploitation suggests a high likelihood if left unpatched.
Refer to the OnlineSuite official website or security advisory page for the latest information and updates regarding CVE-2025-3365.