CVE-2025-9142

Summary

A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory.

Affected Software

VendorProductVersion RangeStatus
checkpointHramony SASECheck Point Harmony SASE Windows Agent versions prior to 12.2affected

Weaknesses

  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References