CVE-2025-3718: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Nozomi Networks Guardian
A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scripting (XSS) attack.
AI Analysis
Technical Summary
CVE-2025-3718 is a client-side path traversal vulnerability identified in the web management interface front-end of Nozomi Networks Guardian. The root cause is the lack of proper validation on an input parameter, which allows an authenticated user with limited privileges to construct a malicious URL. When this crafted URL is accessed by another authenticated user, it results in a Cross-Site Scripting (XSS) attack. This vulnerability combines CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) with an XSS attack vector, leveraging path traversal to inject malicious scripts. The attack requires authentication and user interaction, limiting its exploitation scope but still posing a significant risk within trusted user environments. The CVSS 4.0 score of 5.8 reflects medium severity, considering network attack vector, high attack complexity, limited privileges required, and user interaction needed. The vulnerability can compromise confidentiality by stealing session tokens or sensitive data, integrity by executing unauthorized commands, and availability by potentially disrupting user sessions. No patches or exploits are currently reported, but the vulnerability is publicly disclosed and should be addressed proactively. The affected product, Nozomi Networks Guardian, is widely used in industrial control system (ICS) and operational technology (OT) environments for network visibility and security monitoring, making this vulnerability particularly relevant for critical infrastructure sectors.
Potential Impact
For European organizations, especially those operating critical infrastructure such as energy, manufacturing, and transportation sectors, this vulnerability poses a moderate risk. The ability for a low-privileged authenticated user to induce an XSS attack via path traversal can lead to session hijacking, unauthorized command execution, or data leakage within the management interface. This can undermine operational security and potentially disrupt monitoring and control functions critical to industrial environments. Given the reliance on Nozomi Networks Guardian in OT and ICS environments, exploitation could indirectly impact physical processes. The requirement for user interaction and authentication reduces the likelihood of widespread automated exploitation but increases the risk from insider threats or targeted attacks. Organizations with large user bases or complex access hierarchies may face increased exposure. Additionally, the vulnerability could be leveraged as a foothold for lateral movement within networks, escalating the overall security risk.
Mitigation Recommendations
1. Implement strict input validation and sanitization on all user-supplied parameters in the web management interface to prevent path traversal and script injection.
2. Apply the latest security updates and patches from Nozomi Networks as soon as they become available.
3. Restrict user privileges to the minimum necessary and review access controls regularly to limit exposure.
4. Educate users about the risks of clicking on suspicious URLs, especially within the management interface environment.
5. Monitor web interface logs for unusual URL patterns or repeated access attempts that may indicate exploitation attempts.
6. Employ Content Security Policy (CSP) headers to reduce the impact of potential XSS attacks.
7. Use multi-factor authentication (MFA) to reduce the risk of compromised credentials being exploited.
8. Segment OT and ICS networks to limit the spread of any compromise originating from this vulnerability.
9. Conduct regular security assessments and penetration tests focusing on web interface vulnerabilities.
10. Establish incident response procedures specifically addressing web interface attacks and insider threat scenarios.
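The input validation recommended first in the list above, sketched as an added example (not Nozomi's code and not part of the original advisory). The origin, route prefix and ID format are assumptions, since the advisory does not name the affected parameter; the block contrasts a front end that concatenates a URL parameter into a request path with one that allow-lists it first.

```javascript
// Added illustration; origin, route prefix and ID format are assumptions.
const ORIGIN = "https://guardian.example";  // placeholder host
const PREFIX = "/api/reports/";             // hypothetical route
const ID_PATTERN = /^[A-Za-z0-9_-]{1,64}$/; // no '.', '/', '\' or '%'

// Unsafe pattern: the parameter is concatenated into the request path.
// The URL parser collapses ".." and "%2e%2e" segments, so the request
// leaves PREFIX and the page renders whatever that other endpoint returns.
function naiveRequestPath(param) {
  return new URL(PREFIX + param, ORIGIN).pathname;
}

// Hardened pattern: allow-list the raw value, then confirm the resolved
// URL is still the exact path and origin the front end intended.
function safeRequestUrl(param) {
  if (typeof param !== "string" || !ID_PATTERN.test(param)) return null;
  const url = new URL(PREFIX + param, ORIGIN);
  if (url.origin !== ORIGIN || url.pathname !== PREFIX + param) return null;
  return url.href;
}

// Constructed sample values for the parameter.
const samples = [
  "report-42",
  "../../files/x.html",
  "%2e%2e/%2E%2E/files/x.html",
  "..%2f..%2ffiles%2fx.html", // not collapsed client-side; a server may decode it
  encodeURIComponent(".."),   // still "..": encoding does not touch dots
];

// Resolve every sample both ways so the difference is visible side by side.
function auditSamples() {
  return samples.map((p) => ({
    param: p,
    naive: naiveRequestPath(p),
    safe: safeRequestUrl(p),
  }));
}

console.table(auditSamples());
```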
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Belgium, Poland, Spain, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Nozomi
- Date Reserved: 2025-04-16T09:04:05.707Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68e50b71a677756fc98c272e
Added to database: 10/7/2025, 12:45:37 PM
Last enriched: 10/7/2025, 1:01:09 PM
Last updated: 10/7/2025, 2:25:36 PM