CVE-2025-4078
MEDIUM EXPLOITED NUCLEIWangshen SecGate 3600 2400 - Path Traversal
Title source: llmExploitation Summary
CVE-2025-4078 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the argument file_name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Nuclei Templates (1)
Wangshen SecGate 3600 Path Traversal Vulnerability
MEDIUMVERIFIEDby Ark
FOFA:
fid="1Lh1LHi6yfkhiO83I59AYg=="
References (4)
Core 4
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.306515
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.306515
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.560540
Various Sources exploit
https://flowus.cn/share/f5c70c53-737b-470b-aa2e-6d5524f849fb?code=G8A6P3
Scores
CVSS v3
4.3
EPSS
0.0093
EPSS Percentile
55.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
VulnCheck KEV
2026-04-30
CWE
CWE-22
Status
published
Products (1)
Wangshen/SecGate 3600
2400
Published
Apr 29, 2025
Tracked Since
Feb 18, 2026