CVE-2025-28382: n/a
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.
AI Analysis
Technical Summary
CVE-2025-28382 is a directory traversal vulnerability identified in the openc3-api/tables endpoint of OpenC3 COSMOS version 6.0.0. Directory traversal vulnerabilities occur when an application fails to properly sanitize user-supplied input, allowing an attacker to manipulate file path parameters to access files and directories outside the intended scope. In this case, the vulnerability exists in the API endpoint responsible for handling table data requests. By exploiting this flaw, an attacker can craft specially designed requests that traverse the directory structure on the server hosting OpenC3 COSMOS, potentially accessing sensitive files such as configuration files, credentials, or other critical system data. This can lead to unauthorized disclosure of information and may serve as a foothold for further attacks. The vulnerability does not have a CVSS score assigned yet, and no known exploits have been reported in the wild as of the publication date (June 13, 2025). The affected version is specifically OpenC3 COSMOS 6.0.0, and no patches or mitigations have been officially released at the time of this report. OpenC3 COSMOS is a software platform used for command and control in satellite and space operations, which implies that the affected systems may be part of critical infrastructure or specialized operational environments. The lack of authentication or user interaction details in the report suggests that the vulnerability might be exploitable remotely if the API endpoint is exposed or accessible within an internal network. The absence of CWE classification and patch links indicates that this is a newly identified issue requiring immediate attention from users of OpenC3 COSMOS 6.0.0.
Potential Impact
For European organizations, particularly those involved in aerospace, satellite communications, and space operations, this vulnerability poses a significant risk. Unauthorized directory traversal can lead to exposure of sensitive operational data, including satellite control commands, mission-critical configurations, or cryptographic keys. Such data leakage can compromise the confidentiality and integrity of space mission operations, potentially leading to mission failures or unauthorized control of satellite assets. Given the strategic importance of space infrastructure in Europe, including entities like the European Space Agency (ESA) and various national space agencies, exploitation of this vulnerability could disrupt critical services such as telecommunications, navigation (e.g., Galileo system), and Earth observation. Additionally, if attackers gain access to internal files, they may escalate privileges or move laterally within the network, increasing the scope of compromise. The impact on availability is less direct but could occur if attackers modify or delete critical files after gaining access. The lack of known exploits reduces immediate risk but does not diminish the potential severity given the nature of the affected systems.
Mitigation Recommendations
1. Immediate Network Segmentation: Restrict access to the openc3-api/tables endpoint by implementing strict network segmentation and firewall rules, ensuring that only authorized systems and personnel can reach the API.
2. Input Validation and Filtering: Implement robust input validation on the server side to sanitize and validate all file path parameters, preventing directory traversal sequences such as '../'.
3. Access Controls: Enforce strict access controls and authentication mechanisms on the API endpoints to limit exposure only to trusted users and systems.
4. Monitoring and Logging: Enable detailed logging of API requests to detect anomalous access patterns indicative of directory traversal attempts.
5. Patch Management: Engage with the OpenC3 COSMOS vendor or community to obtain patches or updates addressing this vulnerability as soon as they become available.
6. Incident Response Preparedness: Prepare incident response procedures specific to this vulnerability, including forensic analysis capabilities to assess any potential exploitation.
7. Environment Hardening: Limit the privileges of the application process running OpenC3 COSMOS to minimize the impact of any directory traversal exploitation.
8. Conduct Security Assessments: Perform penetration testing and code reviews focusing on input handling in the affected API endpoints to identify and remediate similar vulnerabilities.
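The input-validation recommendation above is most reliably met by resolving the requested path first and then checking that the result is still inside the allowed root. The Ruby sketch below is an added example, not OpenC3 COSMOS code; `resolve_under`, `allowed?`, `PathEscapeError` and the `tables` directory layout are hypothetical names and constructed sample data.

```ruby
require "tmpdir"
require "fileutils"

class PathEscapeError < StandardError; end

# Map a client-supplied name to a real path under base_dir, or raise.
# The check runs on the canonical path, not on the raw request string.
def resolve_under(base_dir, user_path)
  name = user_path.to_s
  raise PathEscapeError, "empty name or NUL byte" if name.empty? || name.include?("\0")
  base = File.realpath(base_dir)
  begin
    # realdirpath collapses "." and "..", follows symlinks, and allows the
    # final component to be missing (a file that is about to be created).
    real = File.realdirpath(name, base)
  rescue SystemCallError => e
    raise PathEscapeError, "cannot resolve #{name.inspect}: #{e.class}"
  end
  # Compare with a trailing separator so a sibling such as "tables_backup"
  # does not pass a bare prefix test against "tables". The root itself is
  # also refused, since callers here expect a file below it.
  unless real.start_with?(base + File::SEPARATOR)
    raise PathEscapeError, "#{name.inspect} resolves outside #{base}"
  end
  real
end

def allowed?(base_dir, user_path)
  resolve_under(base_dir, user_path)
  true
rescue PathEscapeError
  false
end

# Constructed sandbox: a "tables" root, a sibling directory sharing its
# prefix, and a symlink inside the root that points out of it.
def demo
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, "tables")
    FileUtils.mkdir_p([File.join(root, "inst"), File.join(tmp, "tables_backup")])
    File.write(File.join(root, "inst", "config.bin"), "ok")
    File.write(File.join(tmp, "tables_backup", "old.bin"), "x")
    File.symlink(tmp, File.join(root, "link"))
    names = ["inst/config.bin", "inst/new.bin", "../tables_backup/old.bin",
             File.join(tmp, "tables_backup", "old.bin"),
             "link/tables_backup/old.bin", "."]
    names.to_h { |n| [n, allowed?(root, n)] }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

A rejected name is also a useful log event for the monitoring recommendation: record the raw request value alongside the rejection reason.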
Affected Countries
France, Germany, Italy, United Kingdom, Spain, Belgium, Netherlands, Sweden, Finland, Norway
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-03-11T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 684c2c64a8c921274380898f
Added to database: 6/13/2025, 1:49:24 PM
Last enriched: 6/13/2025, 2:04:49 PM
Last updated: 8/12/2025, 2:14:15 AM