CVE-2025-47415

MEDIUM

CRESTRON TOUCHSCREENS x70 - Path Traversal

Title source: llm

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal.This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001. Confirmed Affected Hardware: TSW-760, TSW-1060 Confirmed Affected Firmware: 3.002.1061 - (no fix released, product discontinued) For x70  The Affected Firmware:- 3.000.0110.001  and versions below The Fixed Firmware:- 3.001.0031.001

References (2)

Core 2

Core References

Various Sources vendor-advisory

https://security.crestron.com

Various Sources patch

https://www.crestron.com/Software-Firmware/Firmware/Touchpanels/TS-770-TS-1070-TSS-770-TSS-1070-TSW-570/3-002-0040-001

Scores

CVSS v4 6.8

EPSS 0.0043

EPSS Percentile 34.1%

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

CRESTRON/TOUCHSCREENS x60, x70 series 3.000.0110.001 - 3.001.0031.001

Published Sep 09, 2025

Tracked Since Feb 18, 2026