CVE-2025-27937
MEDIUMSIOS Quick Agent V3 < 3.2.1 and V2 < 2.9.8 - Authenticated Path Traversal
Title source: llmDescription
Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, an arbitrary file in the affected product may be obtained by a remote attacker who can log in to the product.
References (3)
Core 3
Core References
Various Sources
https://mfp-support.sios.jp/hc/ja/articles/45853460006937
Various Sources
https://siosapps.sios.jp/agent_info/20250425001.html
Third Party Advisory
https://jvn.jp/en/jp/JVN82536398/
Scores
CVSS v3
6.5
EPSS
0.0060
EPSS Percentile
44.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (2)
SIOS Technology, Inc./Quick Agent V2
prior to Ver2.9.8
SIOS Technology, Inc./Quick Agent V3
prior to Ver3.2.1
Published
Apr 28, 2025
Tracked Since
Feb 18, 2026