CVE-2025-25539
MEDIUMOneSpan Vasco Self-Service Portal < 3.14 - Local File Inclusion via Help Menu
Title source: llmDescription
Local File Inclusion vulnerability in Vasco v3.14and before allows a remote attacker to obtain sensitive information via help menu.
References (2)
Core 2
Core References
Third Party Advisory
https://gist.github.com/sornram9254/15eb12579b7acda8ba021217366960bd
Scores
CVSS v3
6.5
EPSS
0.0036
EPSS Percentile
27.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-98
Status
published
Products (1)
onespan/vasco_self-service_portal
< 3.14
Published
May 21, 2025
Tracked Since
Feb 18, 2026