CVE-2025-28382: n/a
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.
AI Analysis
Technical Summary
CVE-2025-28382 is a directory traversal vulnerability identified in the openc3-api/tables endpoint of OpenC3 COSMOS software versions before 6.1.0. This vulnerability stems from improper sanitization of user-supplied input in the API endpoint, allowing attackers to manipulate file path parameters to access files outside the intended directory scope. Specifically, the vulnerability corresponds to CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), enabling attackers to traverse directories and read arbitrary files on the server filesystem. The vulnerability is remotely exploitable over the network without requiring authentication or user interaction, making it highly accessible to attackers. The CVSS v3.1 base score is 7.5, indicating high severity primarily due to the impact on confidentiality (complete disclosure of sensitive files) while integrity and availability remain unaffected. Although no public exploits have been reported yet, the ease of exploitation and potential for sensitive data exposure make this a critical concern. The lack of available patches at the time of disclosure necessitates immediate attention to alternative mitigations such as input validation, network segmentation, and monitoring for suspicious access patterns. OpenC3 COSMOS is used in various operational technology and command and control environments, increasing the risk profile for organizations relying on this platform.
Potential Impact
For European organizations, exploitation of CVE-2025-28382 could lead to unauthorized disclosure of sensitive configuration files, credentials, or operational data stored on OpenC3 COSMOS servers. This breach of confidentiality could facilitate further attacks, including lateral movement or espionage, especially in sectors like critical infrastructure, manufacturing, and defense where OpenC3 COSMOS is deployed. The vulnerability does not directly affect system integrity or availability, but the exposure of sensitive information could undermine trust, cause regulatory compliance issues (e.g., GDPR violations), and lead to operational disruptions if attackers leverage disclosed data for subsequent attacks. Given the remote and unauthenticated nature of the exploit, attackers can target exposed endpoints without insider access, increasing the threat surface. Organizations with interconnected OT and IT environments may face compounded risks if attackers use disclosed information to pivot into other systems.
Mitigation Recommendations
Until an official patch for OpenC3 COSMOS 6.1.0 or later is available, European organizations should implement strict input validation and sanitization on the openc3-api/tables endpoint to block directory traversal sequences such as '../'. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious path traversal attempts. Restrict network access to the API endpoint by implementing IP whitelisting and segmentation to limit exposure to trusted sources only. Monitor logs for unusual file access patterns or repeated traversal attempts indicative of exploitation attempts. Conduct regular audits of file permissions on servers to minimize sensitive data exposure if traversal occurs. Once patches are released, prioritize timely deployment and verify the effectiveness of the fix through penetration testing. Additionally, educate security teams about this vulnerability to enhance detection and response capabilities.
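The path-containment check and the log-side detection that the recommendations above call for, written as an added Ruby example (not OpenC3 COSMOS's own code); the tables directory, table names and request paths are constructed for illustration. The point it makes beyond the text: stripping the literal string '../' is not enough, because encoded and double-encoded forms, NUL bytes, tilde expansion and sibling-directory prefixes all have to be handled before the resolved path is compared with the allowed directory.

```ruby
require 'uri'

# Added illustration of a path-containment check for a table-download
# endpoint; not OpenC3 COSMOS's own code. The allowed directory is constructed.
TABLES_DIR = File.expand_path('/srv/cosmos/tables')

# Percent-decode until the value stops changing so double-encoded sequences
# (%252e%252e -> %2e%2e -> ..) cannot slip past a single decode pass.
# Returns nil when the input is not valid percent-encoding.
def fully_decode(str, max_rounds = 3)
  max_rounds.times do
    decoded = URI.decode_www_form_component(str)
    return decoded if decoded == str
    str = decoded
  end
  str
rescue ArgumentError
  nil
end

# Resolve a user-supplied table name against TABLES_DIR and return the
# absolute path only if it stays inside that directory; nil on any violation.
def safe_table_path(name, base = TABLES_DIR)
  decoded = fully_decode(name)
  return nil if decoded.nil? || decoded.empty?
  # NUL bytes can truncate the path in lower layers, and File.expand_path
  # expands a leading '~' to a home directory, so reject both up front.
  return nil if decoded.include?("\0") || decoded.start_with?('~')
  # Absolute paths and Windows-style separators are never valid table names.
  return nil if decoded.start_with?('/') || decoded.include?('\\')
  resolved = File.expand_path(decoded, base)
  # Containment check. The trailing '/' matters: without it a sibling such as
  # /srv/cosmos/tables_backup would pass a plain prefix test.
  return nil unless resolved == base || resolved.start_with?(base + '/')
  resolved
end

# Detection side: flag a raw request path that decodes to a traversal
# attempt, for scanning web-server access logs for repeated probing.
def traversal_attempt?(raw_path)
  decoded = fully_decode(raw_path)
  return true if decoded.nil?               # malformed encoding is suspicious
  decoded.split(%r{[/\\]}).include?('..')
end

if __FILE__ == $0   # constructed sample inputs, not from a real deployment
  p safe_table_path('EXAMPLE_TABLE.bin'), safe_table_path('..%2F..%2Fetc%2Fpasswd')
  p traversal_attempt?('/openc3-api/tables/%252e%252e/x')
end
```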
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Poland, Spain, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-03-11T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 684c2c64a8c921274380898f
Added to database: 6/13/2025, 1:49:24 PM
Last enriched: 10/28/2025, 3:58:52 AM
Last updated: 11/22/2025, 6:05:34 PM