CVE-2025-10461

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03.

CVSS

No CVSS.

References

Link	Resource
https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.html
https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.json

Configurations

No configuration.

History

27 Mar 2026, 09:16

Type	Values Removed	Values Added
Summary		(es) Lecturas globales de archivos causadas por comprobaciones de URL incorrectas en el servidor web en smartLinks de Softing Industrial Automation GmbH en docker (módulos del sistema de archivos) permiten el acceso a archivos. Este problema afecta a smartLink SW-HT: hasta la versión 1.42 smartLink SW-PN: hasta la versión 1.03.
References	~~{'url': 'https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.html', 'source': '10de8ef9-5c89-4b17-8228-e97b74acf4bd'}~~ ~~{'url': 'https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.json', 'source': '10de8ef9-5c89-4b17-8228-e97b74acf4bd'}~~	() https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.html - () https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.json -

16 Mar 2026, 14:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-16 14:17

Updated : 2026-06-17 08:28

NVD link : CVE-2025-10461

Mitre link : CVE-2025-10461

CVE.ORG link : CVE-2025-10461

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2025-10461", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-10461", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T14:27:44.548413Z"}}], "cvssMetricV40": [{"type": "Secondary", "source": "10de8ef9-5c89-4b17-8228-e97b74acf4bd", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 5.3, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:L/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "10de8ef9-5c89-4b17-8228-e97b74acf4bd", "affectedData": [{"vendor": "Softing", "modules": ["filesystem"], "product": "smartLink SW-HT", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.42"}, {"status": "unaffected", "version": "1.43", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "Softing", "modules": ["filesystem"], "product": "smartLink SW-PN", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.03"}, {"status": "unaffected", "version": "1.04"}], "defaultStatus": "unaffected"}]}], "published": "2026-03-16T14:17:53.620", "references": [{"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.html", "source": "10de8ef9-5c89-4b17-8228-e97b74acf4bd"}, {"url": "https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.json", "source": "10de8ef9-5c89-4b17-8228-e97b74acf4bd"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "10de8ef9-5c89-4b17-8228-e97b74acf4bd", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.\n\n\n\nThis issue affects\n\nsmartLink SW-HT: through 1.42\n\nsmartLink SW-PN: through 1.03."}, {"lang": "es", "value": "Lecturas globales de archivos causadas por comprobaciones de URL incorrectas en el servidor web en smartLinks de Softing Industrial Automation GmbH en docker (m\u00f3dulos del sistema de archivos) permiten el acceso a archivos.\n\nEste problema afecta a\n\nsmartLink SW-HT: hasta la versi\u00f3n 1.42\n\nsmartLink SW-PN: hasta la versi\u00f3n 1.03."}], "lastModified": "2026-06-17T08:28:22.413", "sourceIdentifier": "10de8ef9-5c89-4b17-8228-e97b74acf4bd"}