CVE-2025-14253

MEDIUM

Vitals ESP - Path Traversal

Title source: llm

Description

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

References (2)

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-10542-4c682-1.html

[Third Party Advisory] https://www.twcert.org.tw/en/cp-139-10543-380bd-2.html

Scores

CVSS v3 4.9

EPSS 0.0008

EPSS Percentile 24.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-36

Status published

Products (1)

gss/vitalsesp < 6.3

Published Dec 08, 2025

Tracked Since Feb 18, 2026