CVE-2025-27937

Summary

Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, an arbitrary file in the affected product may be obtained by a remote attacker who can log in to the product.

Affected Software

VendorProductVersion RangeStatus
SIOS Technology, Inc.Quick Agent V3prior to Ver3.2.1affected
SIOS Technology, Inc.Quick Agent V2prior to Ver2.9.8affected

Weaknesses

  • CWE-22: Improper limitation of a pathname to a restricted directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References