Unrated severityCISA KEVNVD Advisory· Published May 5, 2025· Updated Oct 21, 2025

CVE-2025-27920

Description

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.

Affected products

Srimax/Output Messengerv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.outputmessenger.com/cve-2025-27920/mitre
www.srimax.com/products-2/output-messenger/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.040
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000