CVE-2025-51539

MEDIUM

ezged3 3.5.0-3.5.72.27183 - Unauthenticated Arbitrary File Read via Path Traversal

Title source: llm

Description

EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem. The script lacks both authentication checks and secure path handling, allowing directory traversal attacks (e.g., ../../../) to access sensitive files such as configuration files, database dumps, source code, and password reset tokens. If phpMyAdmin is exposed, extracted credentials can be used for direct administrative access. In environments without such tools, attacker-controlled file reads still allow full database extraction by targeting raw MySQL data files. The vendor states that the issue is fixed in 3.5.72.27183.

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://ballpoint.fr/en/blog/ezged3-preauth-file-read-admin-takeover

Scores

CVSS v3 5.3

EPSS 0.0067

EPSS Percentile 47.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

ezged/ezged3 3.5.0 - 3.5.72.27183

Published Aug 19, 2025

Tracked Since Feb 18, 2026