CVE-2025-0630

Summary

Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a local file inclusion attack (LFI), where any authenticated user has privileged access to files on the device's filesystem.

Affected Software

VendorProductVersion RangeStatus
Western Telematic IncNetwork Power Switch (NPS Series)0 <= 6.62affected
Western Telematic IncConsole Server (DSM Series)0 <= 6.62affected
Western Telematic IncConsole Server + PDU Combo Unit (CPM Series)0 <= 6.62affected

Weaknesses

  • CWE-73: CWE-73 External Control of File Name or Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References