CVE-2025-4377

Summary

Improper Limitation of a Pathname caused a Path Traversal vulnerability in Sparx Systems Pro Cloud Server.

This vulnerability is present in logview.php and it allows reading arbitrary files on the filesystem. 

Logview is accessible on Pro Cloud Server Configuration interface.

This issue affects Pro Cloud Server: earlier than 6.0.165.

Affected Software

VendorProductVersion RangeStatus
Sparx SystemsPro Cloud Server0 <= 6.0.163affected
Sparx SystemsPro Cloud Server6.0.165unaffected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References