CVE-2025-28384: n/a
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.
AI Analysis
Technical Summary
CVE-2025-28384 is a directory traversal vulnerability identified in the /script-api/scripts/ endpoint of OpenC3 COSMOS software versions before 6.1.0. Directory traversal (CWE-22) allows attackers to manipulate file path inputs to access files and directories outside the intended scope, potentially exposing sensitive system files or application data. This vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The CVSS score of 9.1 reflects a critical severity due to the high impact on confidentiality and integrity, although availability is not affected. Exploiting this flaw could allow attackers to read arbitrary files, which might include configuration files, credentials, or other sensitive information, potentially leading to further compromise or lateral movement within the affected environment. The vulnerability was reserved in March 2025 and published in June 2025, with no known exploits reported yet. The lack of patch links suggests that a fix may not have been released at the time of this report, increasing the urgency for organizations to apply mitigations or monitor for exploitation attempts. OpenC3 COSMOS is used in various sectors, including industrial and defense-related applications, which heightens the risk profile of this vulnerability.
Potential Impact
For European organizations, the impact of CVE-2025-28384 can be severe, especially for those relying on OpenC3 COSMOS in critical infrastructure, industrial control systems, or defense sectors. Unauthorized access to sensitive files can lead to exposure of confidential data, intellectual property theft, or leakage of operational details. This could facilitate further attacks such as privilege escalation, system manipulation, or disruption of services indirectly through compromised information. The vulnerability’s ease of exploitation without authentication increases the attack surface and risk of widespread exploitation. Organizations may face regulatory consequences under GDPR if personal or sensitive data is exposed. Additionally, reputational damage and operational disruptions could result from successful exploitation. Given the criticality, European entities must assess their exposure and implement immediate protective measures to reduce risk.
Mitigation Recommendations
1. Apply patches or updates from the OpenC3 COSMOS vendor as soon as they become available to address the vulnerability directly.
2. Until a patch is released, restrict network access to the /script-api/scripts/ endpoint using firewalls, network segmentation, or access control lists to limit exposure.
3. Implement strict input validation and sanitization on the server side so that directory traversal payloads are rejected before any file is opened.
4. Monitor logs and network traffic for unusual requests targeting the vulnerable endpoint, especially those containing path traversal patterns (e.g., ../ sequences or their percent-encoded forms).
5. Employ web application firewalls (WAFs) with rules designed to detect and block directory traversal attempts.
6. Conduct security audits and penetration testing focused on this endpoint to identify and remediate any additional weaknesses.
7. Educate system administrators and security teams about the vulnerability and encourage rapid incident response readiness.
8. Review and harden file system permissions to minimize the impact of unauthorized file access if exploitation occurs.
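The following is an added example, not code from OpenC3 or from this advisory, illustrating recommendations 3 and 4 above: a server-side path-containment check for a script endpoint and a log scan for traversal patterns against that endpoint. It is written in Ruby because OpenC3 COSMOS is largely a Ruby application; the SCRIPTS_ROOT directory, the function names, and the log lines are all assumptions constructed for the example.

```ruby
# Percent-decode once (%2e%2e -> ..) without treating '+' as a space.
def decode_once(str)
  str.to_s.gsub(/%([0-9a-fA-F]{2})/) { $1.hex.chr }
end

# Assumed directory the script endpoint may serve from (not OpenC3's real layout).
SCRIPTS_ROOT = '/srv/scripts_root_example'.freeze

# Resolve a caller-supplied script name beneath SCRIPTS_ROOT.
# Returns the absolute path, or nil if the request would escape the root.
def safe_script_path(user_path, root = SCRIPTS_ROOT)
  decoded = decode_once(user_path)
  return nil if decoded.include?("\0")   # NUL bytes can truncate paths in C libraries
  return nil if decoded.start_with?('~') # File.expand_path would expand ~user to a home dir
  candidate = File.expand_path(decoded, root)          # collapses "..", "." and absolute input
  root_prefix = File.join(File.expand_path(root), '')  # trailing "/" so ".../root2" is not a match
  candidate.start_with?(root_prefix) ? candidate : nil
end

# Plain and percent-encoded "../" or "..\" markers, case-insensitive.
TRAVERSAL_RE = %r{\.\.[/\\]|%2e%2e(?:%2f|%5c|[/\\])|\.\.%2f|%c0%ae}i

# Return only the access-log lines that hit the script endpoint with a traversal marker.
def suspicious_script_requests(log_lines)
  log_lines.select do |line|
    line.include?('/script-api/scripts/') && line.match?(TRAVERSAL_RE)
  end
end

# Constructed sample log lines (not real traffic); RFC 5737 test addresses.
SAMPLE_LOG = [
  '203.0.113.5 - - "GET /script-api/scripts/INST/procedures/checks.rb HTTP/1.1" 200',
  '203.0.113.7 - - "GET /script-api/scripts/../../../../etc/passwd HTTP/1.1" 200',
  '203.0.113.9 - - "GET /script-api/scripts/%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200',
  '203.0.113.11 - - "GET /tools/cmdtlmserver HTTP/1.1" 200'
].freeze

if __FILE__ == $PROGRAM_NAME
  p safe_script_path('INST/procedures/checks.rb')   # inside root: returns the absolute path
  p safe_script_path('../../../../etc/passwd')      # escapes root: nil
  suspicious_script_requests(SAMPLE_LOG).each { |l| puts "ALERT: #{l}" }
end
```

Note that File.expand_path does not resolve symbolic links; if the scripts directory may contain symlinks, apply the same prefix check to File.realpath of the candidate once it is known to exist.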
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-03-11T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 684c2c64a8c9212743808993
Added to database: 6/13/2025, 1:49:24 PM
Last enriched: 10/28/2025, 3:59:32 AM
Last updated: 11/22/2025, 7:35:20 PM