CVE-2025-60946 is a path traversal vulnerability classified under CWE-22 affecting Census CSWeb version 8.0.1. The vulnerability stems from the software's failure to properly restrict file path inputs, allowing authenticated remote attackers to manipulate file paths and access files outside the intended restricted directories. This can lead to unauthorized disclosure of sensitive information, modification or deletion of critical files, and potential disruption of service. The vulnerability does not require user interaction but does require the attacker to have valid authentication credentials, which could be obtained through other means such as phishing or credential theft. The CVSS v3.1 base score of 8.8 reflects the ease of network exploitation (AV:N), low attack complexity (AC:L), requirement for privileges (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The vulnerability was publicly disclosed on March 23, 2026, and fixed in version 8.1.0 alpha, though no official patch links are provided. No known exploits have been reported in the wild yet, but the potential damage is significant given the broad impact on system security. Census CSWeb is used in various organizational environments, often in sectors requiring secure web-based census or data collection services, making this vulnerability critical to address promptly.

The impact of CVE-2025-60946 is substantial for organizations using Census CSWeb 8.0.1. Successful exploitation allows attackers to bypass directory restrictions and access arbitrary files, potentially exposing sensitive data such as configuration files, credentials, or personally identifiable information. Attackers could also modify or delete files, leading to data integrity issues or denial of service. Given the high CVSS score, the vulnerability threatens confidentiality, integrity, and availability simultaneously. Organizations in sectors like government, research, and data analytics that rely on Census CSWeb for critical data collection and processing are particularly vulnerable. The requirement for authentication limits exposure somewhat but does not eliminate risk, especially if credential compromise occurs. The lack of known exploits in the wild currently provides a window for remediation, but the vulnerability's nature and severity make it a prime target for attackers once exploit code becomes available.

To mitigate CVE-2025-60946, organizations should immediately upgrade Census CSWeb to version 8.1.0 alpha or later where the vulnerability is fixed. If upgrading is not immediately feasible, implement strict access controls to limit authenticated user privileges to only those necessary for their roles, minimizing the risk of exploitation. Employ robust monitoring and logging of file access patterns to detect unusual directory traversal attempts. Conduct regular audits of authentication mechanisms to prevent credential compromise, including enforcing strong password policies and multi-factor authentication. Network segmentation can reduce exposure by isolating Census CSWeb servers from untrusted networks. Additionally, consider deploying web application firewalls (WAFs) with custom rules to detect and block path traversal attempts. Finally, educate administrators and users about the risks of credential theft and phishing, as authentication is required for exploitation.