CVE-2025-14224

Summary

A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
YottamasterDM21.2.0affected
YottamasterDM21.2.1affected
YottamasterDM21.2.2affected
YottamasterDM21.2.3affected
YottamasterDM21.2.4affected
YottamasterDM21.2.5affected
YottamasterDM21.2.6affected
YottamasterDM21.2.7affected
YottamasterDM21.2.8affected
YottamasterDM21.2.9affected
YottamasterDM21.2.10affected
YottamasterDM21.2.11affected
YottamasterDM21.2.12affected
YottamasterDM21.2.13affected
YottamasterDM21.2.14affected
YottamasterDM21.2.15affected
YottamasterDM21.2.16affected
YottamasterDM21.2.17affected
YottamasterDM21.2.18affected
YottamasterDM21.2.19affected
YottamasterDM21.2.20affected
YottamasterDM21.2.21affected
YottamasterDM21.2.22affected
YottamasterDM21.2.23affected
YottamasterDM21.9.0affected
YottamasterDM21.9.1affected
YottamasterDM21.9.2affected
YottamasterDM21.9.3affected
YottamasterDM21.9.4affected
YottamasterDM21.9.5affected
YottamasterDM21.9.6affected
YottamasterDM21.9.7affected
YottamasterDM21.9.8affected
YottamasterDM21.9.9affected
YottamasterDM21.9.10affected
YottamasterDM21.9.11affected
YottamasterDM21.9.12affected
YottamasterDM31.2.0affected
YottamasterDM31.2.1affected
YottamasterDM31.2.2affected
YottamasterDM31.2.3affected
YottamasterDM31.2.4affected
YottamasterDM31.2.5affected
YottamasterDM31.2.6affected
YottamasterDM31.2.7affected
YottamasterDM31.2.8affected
YottamasterDM31.2.9affected
YottamasterDM31.2.10affected
YottamasterDM31.2.11affected
YottamasterDM31.2.12affected
YottamasterDM31.2.13affected
YottamasterDM31.2.14affected
YottamasterDM31.2.15affected
YottamasterDM31.2.16affected
YottamasterDM31.2.17affected
YottamasterDM31.2.18affected
YottamasterDM31.2.19affected
YottamasterDM31.2.20affected
YottamasterDM31.2.21affected
YottamasterDM31.2.22affected
YottamasterDM31.2.23affected
YottamasterDM31.9.0affected
YottamasterDM31.9.1affected
YottamasterDM31.9.2affected
YottamasterDM31.9.3affected
YottamasterDM31.9.4affected
YottamasterDM31.9.5affected
YottamasterDM31.9.6affected
YottamasterDM31.9.7affected
YottamasterDM31.9.8affected
YottamasterDM31.9.9affected
YottamasterDM31.9.10affected
YottamasterDM31.9.11affected
YottamasterDM31.9.12affected
YottamasterDM2001.2.0affected
YottamasterDM2001.2.1affected
YottamasterDM2001.2.2affected
YottamasterDM2001.2.3affected
YottamasterDM2001.2.4affected
YottamasterDM2001.2.5affected
YottamasterDM2001.2.6affected
YottamasterDM2001.2.7affected
YottamasterDM2001.2.8affected
YottamasterDM2001.2.9affected
YottamasterDM2001.2.10affected
YottamasterDM2001.2.11affected
YottamasterDM2001.2.12affected
YottamasterDM2001.2.13affected
YottamasterDM2001.2.14affected
YottamasterDM2001.2.15affected
YottamasterDM2001.2.16affected
YottamasterDM2001.2.17affected
YottamasterDM2001.2.18affected
YottamasterDM2001.2.19affected
YottamasterDM2001.2.20affected
YottamasterDM2001.2.21affected
YottamasterDM2001.2.22affected
YottamasterDM2001.2.23affected
YottamasterDM2001.9.0affected
YottamasterDM2001.9.1affected
YottamasterDM2001.9.2affected
YottamasterDM2001.9.3affected
YottamasterDM2001.9.4affected
YottamasterDM2001.9.5affected
YottamasterDM2001.9.6affected
YottamasterDM2001.9.7affected
YottamasterDM2001.9.8affected
YottamasterDM2001.9.9affected
YottamasterDM2001.9.10affected
YottamasterDM2001.9.11affected
YottamasterDM2001.9.12affected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References