
CVE-2025-47619: CWE-862 Missing Authorization in 6Storage 6Storage Rentals

Medium
Tags: Vulnerability, CVE-2025-47619, cve, cwe-862
Published: Fri May 23 2025 (05/23/2025, 12:43:26 UTC)
Source: CVE
Vendor/Project: 6Storage
Product: 6Storage Rentals

Description

Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a through 2.19.4.

AI-Powered Analysis

Last updated: 07/08/2025, 22:28:03 UTC

Technical Analysis

CVE-2025-47619 is a Missing Authorization vulnerability (CWE-862) in the 6Storage Rentals product by 6Storage, affecting all versions up to and including 2.19.4 ("from n/a through 2.19.4"). Because an authorization check is missing, an attacker holding a low-privileged account (PR:L) can reach functionality that should have been restricted to more privileged users, and that functionality accepts an attacker-controlled file path without confining it to its intended directory. The flaw is therefore exploitable as path traversal: the attacker supplies a path containing "../" segments (or an encoded equivalent) and reads files outside the intended scope. The CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, base score 6.5 (medium): reachable over the network, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, and no integrity or availability impact. In practice this means any authenticated low-privileged user can read sensitive server-side files remotely without modifying data or disrupting service. No patch reference and no in-the-wild exploitation are recorded on this page; the entry was assigned by Patchstack and reserved on 2025-05-07, which is consistent with a recent disclosure but is not evidence that the flaw is unexploited. The two weaknesses compound each other: the missing authorization removes the gate that should stop low-privileged users from reaching the file handler at all, and the traversal removes the restriction on what that handler can read.
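The page does not disclose the affected endpoint, the parameter name, or the implementation language, so the following is an added illustration, not 6Storage code: a minimal file download handler written the way the advisory describes (no authorization check, user-supplied name joined straight onto the document root) next to a hardened version that checks a capability first and then canonicalises and contains the path. The User type, the capability name download_rental_documents, the file names and the document root are all hypothetical; Python is used only because it runs anywhere.

```python
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class User:
    """Stand-in for an application account (constructed for this example)."""
    name: str
    capabilities: set = field(default_factory=set)


class AccessDenied(Exception):
    pass


def vulnerable_read(base_dir: str, user: User, requested: str) -> bytes:
    """The pattern the advisory describes, kept deliberately broken:
    `user` is never consulted (CWE-862) and the caller-controlled name is
    joined onto the document root unchecked, so '../secret.txt' escapes it."""
    with open(os.path.join(base_dir, requested), "rb") as fh:
        return fh.read()


def hardened_read(base_dir: str, user: User, requested: str) -> bytes:
    """Two independent checks, each of which the vulnerable handler lacks:
    1. an explicit capability check before any file work;
    2. canonicalisation of the resolved path and containment in base_dir."""
    if "download_rental_documents" not in user.capabilities:   # hypothetical capability
        raise AccessDenied(f"{user.name} lacks download_rental_documents")
    root = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(root, requested))
    # commonpath, not startswith: 'rental_docs_evil' would pass a prefix test
    if os.path.commonpath([root, target]) != root:
        raise AccessDenied(f"path escapes document root: {requested!r}")
    with open(target, "rb") as fh:
        return fh.read()


def demo() -> dict:
    """Builds a throwaway document root and exercises both handlers.
    Returns the outcomes so they can be asserted on rather than only printed."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = os.path.join(tmp, "rental_docs")
        os.makedirs(docs)
        with open(os.path.join(docs, "lease-42.pdf"), "wb") as fh:
            fh.write(b"%PDF lease for unit 42")
        # a file one level above the document root, standing in for a config file
        with open(os.path.join(tmp, "secret.txt"), "wb") as fh:
            fh.write(b"db_password=hunter2")

        subscriber = User("subscriber")                            # low-privilege account (PR:L)
        manager = User("manager", {"download_rental_documents"})   # account meant to use the feature
        out = {}

        # 1. vulnerable handler: the low-privilege user reads outside the root
        out["vuln_escape"] = vulnerable_read(docs, subscriber, "../secret.txt")

        # 2. hardened handler: same request, stopped by the authorization check
        try:
            hardened_read(docs, subscriber, "../secret.txt")
            out["hard_subscriber"] = "allowed"
        except AccessDenied as e:
            out["hard_subscriber"] = "denied: " + str(e)

        # 3. hardened handler: authorized user, traversal still stopped by containment
        try:
            hardened_read(docs, manager, "../secret.txt")
            out["hard_manager_traversal"] = "allowed"
        except AccessDenied as e:
            out["hard_manager_traversal"] = "denied: " + str(e)

        # 4. hardened handler: authorized user, legitimate file is served
        out["hard_manager_ok"] = hardened_read(docs, manager, "lease-42.pdf")
        return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The order of the two checks in hardened_read is deliberate: the authorization check runs before any filesystem call, so an unauthorized caller learns nothing about the document root, and the containment check uses realpath on both sides so symlinks and absolute paths supplied in the parameter are resolved before comparison.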

Potential Impact

For European organizations using 6Storage Rentals, this vulnerability poses a significant risk to the confidentiality of sensitive data. Unauthorized access to files could expose personal data, financial records, or proprietary business information, potentially violating GDPR and other data protection regulations. The medium severity score indicates that while the vulnerability does not allow data modification or service disruption, the confidentiality breach alone can lead to reputational damage, regulatory fines, and loss of customer trust. Organizations in sectors such as real estate, property management, or rental services that rely on 6Storage Rentals are particularly at risk. The requirement for some level of privileges means insider threats or compromised user accounts could be leveraged to exploit this vulnerability. Given the cross-border nature of many European businesses, data leakage could have cascading effects across multiple jurisdictions.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should implement the following specific actions:

1) Immediately review and restrict user privileges within 6Storage Rentals to the minimum necessary. Exploitation needs only a low-privileged account (PR:L), so every self-registered, shared or dormant account is a potential foothold.
2) Audit file access controls and web server logs for path traversal attempts against the application, including percent-encoded and double-encoded forms of "../", and for unexpected reads of configuration or credential files.
3) Apply vendor patches or updates as soon as they are released; all versions through 2.19.4 are affected and this page records no fixed version. Until a fix is available, use compensating controls such as a web application firewall configured to block path traversal patterns in the application's file parameters, while recognising that a WAF only filters input and does not restore the missing authorization check.
4) The root cause is server-side: the file handler must verify the caller's capability before doing any file work, and must canonicalise the requested path and confirm it stays within the intended directory. Strict input validation and sanitisation of file path parameters is defence in depth, not a substitute for either check.
5) Enhance monitoring and alerting for unusual file access patterns, especially from accounts with limited privileges.
6) Educate users about the risks of credential compromise and enforce strong authentication, including multi-factor authentication, so that a hijacked low-privileged account is harder to obtain.
7) Engage with the vendor to obtain timelines for patch releases and request security advisories.
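Items 2 and 5 above amount to one detection task: find traversal attempts in access logs even when the attacker encodes them. This added example (not part of the advisory or of the offseq page) scans constructed combined-format log lines against a hypothetical endpoint /rentals/download?file=, decoding percent-encoding repeatedly so double-encoded "%252e%252e%252f" is caught, treating backslashes as separators, and not flagging a legitimate filename that merely contains "..". The endpoint, IPs, timestamps and file names are all made up for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines (combined log format); no real deployment is represented.
SAMPLE_LOG = """\
10.0.0.5 - - [23/May/2025:12:01:07 +0000] "GET /rentals/download?file=lease-42.pdf HTTP/1.1" 200 8812
10.0.0.9 - - [23/May/2025:12:01:15 +0000] "GET /rentals/download?file=../../../../wp-config.php HTTP/1.1" 200 3120
10.0.0.9 - - [23/May/2025:12:01:16 +0000] "GET /rentals/download?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3120
10.0.0.9 - - [23/May/2025:12:01:18 +0000] "GET /rentals/download?file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 210
10.0.0.5 - - [23/May/2025:12:02:01 +0000] "GET /rentals/download?file=invoices..2024.pdf HTTP/1.1" 200 4400
10.0.0.12 - - [23/May/2025:12:03:44 +0000] "GET /rentals/download?file=..\\..\\wp-config.php HTTP/1.1" 200 3120
"""

# client, timestamp, method, request target, status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# a '..' segment bounded by separators (or start/end), so 'invoices..2024.pdf' is not a hit
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def normalize(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double encoding cannot hide '..',
    then treat backslashes as path separators as Windows and some servers do."""
    prev = None
    for _ in range(rounds):
        if value == prev:
            break
        prev, value = value, unquote(value)
    return value.replace("\\", "/")


def find_traversal_attempts(log_text: str) -> list:
    """Returns one dict per log line whose path or any query value, after
    normalisation, contains a traversal segment."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, target, status = m.groups()
        parts = urlsplit(target)
        # parse_qsl decodes once; normalize() handles further encoding layers
        candidates = [parts.path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        for raw in candidates:
            decoded = normalize(raw)
            if TRAVERSAL.search(decoded):
                hits.append({"ip": ip, "time": ts, "method": method,
                             "status": int(status), "decoded": decoded})
                break
    return hits


def summarize_by_client(hits: list) -> dict:
    """Per-client attempt count and how many returned 200, i.e. likely succeeded.
    A 200 on a traversal request is the line to escalate first."""
    summary = {}
    for h in hits:
        entry = summary.setdefault(h["ip"], {"attempts": 0, "succeeded": 0})
        entry["attempts"] += 1
        if h["status"] == 200:
            entry["succeeded"] += 1
    return summary


if __name__ == "__main__":
    found = find_traversal_attempts(SAMPLE_LOG)
    for h in found:
        print(h["ip"], h["time"], h["status"], h["decoded"])
    print(summarize_by_client(found))
```

The status code matters as much as the pattern: a 404 shows probing, a 200 on a decoded "../" request is evidence that a file outside the document root was actually served and should trigger incident response rather than a WAF tuning ticket.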


Technical Details

Data Version: 5.1
Assigner Short Name: Patchstack
Date Reserved: 2025-05-07T10:44:40.883Z
Cisa Enriched: false
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 68306f8e0acd01a24927243b

Added to database: 5/23/2025, 12:52:30 PM

Last enriched: 7/8/2025, 10:28:03 PM

Last updated: 7/30/2025, 4:09:19 PM
