CVE-2025-13791 is a path traversal vulnerability identified in Scada-LTS, an open-source SCADA (Supervisory Control and Data Acquisition) system used for industrial control and monitoring. The vulnerability exists in the Common.getHomeDir function within the Project Import component, specifically in the ZIPProjectManager.java file. This flaw allows an attacker to manipulate file path inputs to traverse directories outside the intended scope, potentially accessing sensitive files on the host system. The vulnerability affects versions 2.7.8.0 and 2.7.8.1 of Scada-LTS. The attack vector is remote network access, requiring low privileges but no user interaction, making exploitation feasible in many environments. The CVSS 4.0 base score is 5.3 (medium severity), reflecting the moderate impact on confidentiality, integrity, and availability, with partial scope and no authentication required. Although no active exploitation has been reported, a public exploit is available, increasing the risk of future attacks. The vendor has not responded to early disclosure attempts, and no official patch or mitigation guidance has been released. This vulnerability could allow attackers to read arbitrary files, potentially exposing configuration files, credentials, or other sensitive data, and could be leveraged for further attacks or disruption of industrial processes.

For European organizations, especially those operating critical infrastructure such as energy, manufacturing, water treatment, and transportation that rely on SCADA systems like Scada-LTS, this vulnerability poses a significant risk. Unauthorized file access could lead to exposure of sensitive operational data, credentials, or system configurations, enabling attackers to escalate privileges or disrupt industrial processes. This could result in operational downtime, safety hazards, regulatory non-compliance, and reputational damage. Given the remote exploitability and availability of a public exploit, attackers could target European industrial environments to conduct espionage, sabotage, or ransomware attacks. The medium severity score indicates a moderate but tangible risk, particularly in environments where Scada-LTS is deployed with network exposure or insufficient segmentation. The lack of vendor response and patches increases the urgency for organizations to implement compensating controls to reduce attack surface and monitor for exploitation attempts.

1. Immediately restrict network access to Scada-LTS management interfaces and Project Import functionality using firewalls, VPNs, or network segmentation to limit exposure to trusted administrators only. 2. Implement strict access controls and monitor file system access logs for unusual or unauthorized file reads that may indicate exploitation attempts. 3. Disable or restrict the Project Import feature if not essential to operations, reducing the attack surface. 4. Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect path traversal patterns or anomalous requests targeting Scada-LTS endpoints. 5. Conduct thorough audits of Scada-LTS deployments to identify affected versions and prioritize upgrades or mitigations. 6. Develop and test incident response plans specific to SCADA environments to quickly contain and remediate potential breaches. 7. Engage with the vendor or community for updates or unofficial patches and consider contributing to open-source fixes if feasible. 8. Maintain regular backups of critical configuration and operational data to enable recovery in case of compromise. 9. Educate operational technology (OT) staff about this vulnerability and encourage vigilance for suspicious activity. 10. Consider deploying application-layer gateways or proxies that can sanitize inputs to the vulnerable function until a patch is available.