CVE-2025-28384: n/a
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal.
AI Analysis
Technical Summary
CVE-2025-28384 is a directory traversal vulnerability identified in the /script-api/scripts/ endpoint of OpenC3 COSMOS version 6.0.0. Directory traversal vulnerabilities occur when an application fails to properly sanitize user-supplied input, allowing attackers to manipulate file paths and access files and directories outside the intended scope. In this case, the vulnerability allows an attacker to craft specially designed requests to the /script-api/scripts/ endpoint to traverse directories on the server hosting OpenC3 COSMOS. This can lead to unauthorized access to sensitive files, including configuration files, source code, or other critical data stored on the server. The vulnerability does not have a CVSS score assigned yet, and no known exploits have been reported in the wild as of the publication date. However, the presence of directory traversal in an API endpoint that likely handles script execution or management poses a significant risk. Exploiting this vulnerability could enable attackers to read arbitrary files, potentially exposing credentials, internal logic, or other sensitive information. Depending on the server configuration and privileges of the application, this could also lead to further exploitation such as code execution or privilege escalation. The lack of available patches or mitigations at the time of publication increases the urgency for affected organizations to assess their exposure and implement compensating controls. OpenC3 COSMOS is a specialized software platform, and the exact scope of affected versions is not specified beyond version 6.0.0. The vulnerability was reserved in March 2025 and published in June 2025, indicating recent discovery and disclosure.
Potential Impact
For European organizations using OpenC3 COSMOS 6.0.0, this vulnerability could have serious consequences. Unauthorized file access through directory traversal can compromise confidentiality by exposing sensitive data such as credentials, internal scripts, or configuration files. Integrity could be indirectly affected if attackers leverage the information gained to modify files or inject malicious scripts. Availability might also be impacted if attackers disrupt normal operations by manipulating critical files or triggering failures. Organizations in sectors relying on OpenC3 COSMOS for operational or mission-critical functions—such as aerospace, defense, or industrial control systems—may face heightened risks due to the strategic importance of their data and systems. The absence of known exploits currently reduces immediate risk, but the vulnerability's nature makes it a likely target for attackers once exploit code becomes available. Additionally, the lack of patches means organizations must rely on detection and mitigation strategies to protect their environments. Given the potential for sensitive data exposure and the possibility of escalation to remote code execution, the overall impact on confidentiality, integrity, and availability is significant.
Mitigation Recommendations
1. Immediate mitigation should include restricting access to the /script-api/scripts/ endpoint through network-level controls such as firewalls or web application firewalls (WAFs) to limit exposure to trusted IP addresses only.
2. Implement strict input validation and sanitization on all user-supplied parameters interacting with file paths, especially those related to the vulnerable endpoint, to prevent directory traversal sequences (e.g., ../).
3. Monitor logs for unusual access patterns or attempts to access unauthorized files via the endpoint, enabling early detection of exploitation attempts.
4. If feasible, isolate the OpenC3 COSMOS server in a segmented network zone with limited access to sensitive internal resources to reduce potential lateral movement.
5. Engage with the vendor or community to obtain patches or updates as soon as they become available and prioritize their deployment.
6. Conduct a thorough audit of files accessible by the application process to ensure no sensitive files are unnecessarily exposed or accessible.
7. Employ application-layer security tools that can detect and block directory traversal attempts in real time.
8. Educate system administrators and security teams about this vulnerability to ensure rapid response to any suspicious activity.
These measures go beyond generic advice by focusing on network segmentation, monitoring, and vendor engagement specific to the nature of this vulnerability and the affected software.
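Recommendations 2 and 3 above, as an added example that is not OpenC3 COSMOS code: a path-containment check that canonicalizes a requested script path (including percent-encoded and double-encoded forms) against an assumed scripts root, and a scan over constructed access-log lines that flags requests to the /script-api/scripts/ endpoint whose decoded path steps out of the scripts directory. The root directory /srv/cosmos/scripts, the log format and the sample requests are all assumptions.

```ruby
require 'pathname'
require 'uri'

# Hypothetical scripts root; the real COSMOS directory layout is not assumed.
SCRIPTS_ROOT = Pathname.new('/srv/cosmos/scripts').cleanpath

# Percent-decode repeatedly (bounded) so double-encoded "%252e%252e" collapses to "..".
# Invalid encodings are left as-is rather than raising.
def fully_decode(raw)
  current = raw.to_s
  3.times do
    decoded = URI.decode_www_form_component(current) rescue current
    break if decoded == current
    current = decoded
  end
  current
end

# Returns the normalized absolute path if it stays inside SCRIPTS_ROOT, else nil.
# Normalization is lexical (cleanpath); a deployment that follows symlinks should
# additionally compare File.realpath of the result against the root.
def resolve_script_path(requested)
  decoded = fully_decode(requested)
  return nil if decoded.include?("\0")                                    # null-byte truncation
  return nil if decoded.start_with?('/') || decoded.match?(/\A[a-zA-Z]:/) # absolute paths
  candidate = (SCRIPTS_ROOT + decoded).cleanpath
  inside = candidate == SCRIPTS_ROOT || candidate.to_s.start_with?("#{SCRIPTS_ROOT}/")
  inside ? candidate.to_s : nil
end

# Constructed access-log lines for the detection check (not real traffic).
SAMPLE_LOG = <<~LOG
  10.0.0.5 - - [13/Jun/2025:13:49:24 +0000] "GET /script-api/scripts/INST/procedures/collect.rb HTTP/1.1" 200 512
  10.0.0.9 - - [13/Jun/2025:13:50:01 +0000] "GET /script-api/scripts/..%2f..%2f..%2fetc/hosts HTTP/1.1" 200 1800
  10.0.0.9 - - [13/Jun/2025:13:50:07 +0000] "GET /script-api/scripts/%252e%252e/config HTTP/1.1" 404 0
  10.0.0.5 - - [13/Jun/2025:13:51:00 +0000] "GET /tools/cmdtlmserver HTTP/1.1" 200 0
LOG

# Flags requests to the scripts endpoint whose decoded path contains a parent-directory step.
def flag_traversal_requests(log_text)
  log_text.each_line.filter_map do |line|
    m = line.match(/"(?:GET|POST|PUT|DELETE) (\S+) HTTP/)
    next unless m && m[1].start_with?('/script-api/scripts/')
    decoded = fully_decode(m[1])
    line.strip if decoded.include?('../') || decoded.include?('..\\')
  end
end

puts flag_traversal_requests(SAMPLE_LOG) if $PROGRAM_NAME == __FILE__
```

The same decode-then-check order matters in a WAF rule: matching only the literal `../` misses the encoded requests in the sample log, while checking after full decoding catches both.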
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Finland, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-03-11T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 684c2c64a8c9212743808993
Added to database: 6/13/2025, 1:49:24 PM
Last enriched: 6/13/2025, 2:04:31 PM
Last updated: 8/1/2025, 9:00:02 AM
Views: 41