CVE-2025-65074: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in WaveStore WaveStore Server
The WaveView client allows users to execute a restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high privileges is able to execute arbitrary OS commands on the server using path traversal in the showerr script. This issue was fixed in version 6.44.44.
AI Analysis
Technical Summary
CVE-2025-65074 is a vulnerability classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and CWE-78 (OS Command Injection) affecting WaveStore Server. The issue stems from the WaveView client’s ability to execute a limited set of predefined commands and scripts on the connected WaveStore Server. However, due to insufficient validation of pathname inputs in the 'showerr' script, an attacker with high privileges can perform path traversal attacks to escape intended directory restrictions. This allows the attacker to execute arbitrary operating system commands on the server, potentially leading to full system compromise. The vulnerability does not require user interaction or additional authentication beyond high privileges, making it easier to exploit once access is obtained. The CVSS v4.0 score is 8.6 (high), reflecting the critical impact on confidentiality, integrity, and availability, combined with low attack complexity and no need for user interaction. The vulnerability was publicly disclosed on December 16, 2025, and fixed in WaveStore Server version 6.44.44. No public exploits have been reported yet, but the potential for severe damage exists if exploited. The vulnerability is particularly dangerous in environments where WaveStore Server manages critical data or infrastructure, as attackers could leverage this flaw to gain persistent control or disrupt services.
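The CWE-22 pattern described above, shown as an added illustration next to a contained resolver. This is not WaveStore code: the directory layout, file names and function names are hypothetical, and the sample tree is constructed in a temporary directory.

```python
import os
import tempfile

class RejectedPath(ValueError):
    """The requested name does not resolve to a file inside the allowed directory."""

def resolve_naive(base_dir, requested):
    # Vulnerable pattern (CWE-22): join and normalise, never check where it lands.
    return os.path.normpath(os.path.join(base_dir, requested))

def resolve_contained(base_dir, requested):
    # Accept a single path component only: no separators, no "..", no NUL.
    if (not requested or "\x00" in requested or requested in (".", "..")
            or "/" in requested or "\\" in requested):
        raise RejectedPath("not a plain file name: %r" % requested)
    base = os.path.realpath(base_dir)
    # realpath() follows symlinks, so a link inside base_dir that points
    # elsewhere is caught by the containment check below.
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base or not os.path.isfile(target):
        raise RejectedPath("resolves outside %s or is not a file" % base)
    return target

def demo():
    # Constructed layout: <root>/scripts/showerr is allowed, <root>/outside.sh is not.
    root = os.path.realpath(tempfile.mkdtemp())
    scripts = os.path.join(root, "scripts")
    os.mkdir(scripts)
    for path in (os.path.join(scripts, "showerr"), os.path.join(root, "outside.sh")):
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
    # A symlink inside the allowed directory that points outside it.
    os.symlink(os.path.join(root, "outside.sh"), os.path.join(scripts, "link"))
    results = {"naive": resolve_naive(scripts, "../outside.sh")
               == os.path.join(root, "outside.sh")}
    for name in ("showerr", "../outside.sh", "link", "/etc/passwd", ""):
        try:
            results[name] = os.path.basename(resolve_contained(scripts, name))
        except RejectedPath:
            results[name] = None
    return results

if __name__ == "__main__":
    print(demo())
```

The symlink case is the one a name-only filter misses: `link` is a plain file name, but its resolved target lies outside the scripts directory, so only the post-resolution containment check rejects it.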
Potential Impact
For European organizations, exploitation of this vulnerability could result in unauthorized command execution on WaveStore Servers, leading to data breaches, service disruptions, or full system takeover. This could compromise sensitive data confidentiality, alter or destroy data integrity, and cause denial of service, impacting business continuity. Organizations in sectors such as finance, healthcare, manufacturing, and critical infrastructure that rely on WaveStore Server for data storage or management are at heightened risk. The requirement for high privileges means initial access control failures or insider threats could be leveraged to exploit this vulnerability. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits post-disclosure. The impact is amplified in environments with poor patch management or where WaveStore Server is exposed to untrusted networks.
Mitigation Recommendations
European organizations should:
- Immediately verify their WaveStore Server versions and upgrade to version 6.44.44 or later to remediate the vulnerability.
- Implement strict access controls to limit high-privilege user accounts and monitor their activities closely.
- Employ network segmentation to isolate WaveStore Servers from untrusted networks and restrict administrative access to trusted hosts only.
- Conduct regular audits of command execution logs on WaveStore Servers to detect anomalous or unauthorized activities.
- Use application whitelisting and endpoint detection and response (EDR) solutions to identify and block suspicious command executions.
- Review and harden the configuration of the WaveView client to minimize unnecessary command execution capabilities.
- Establish incident response plans specifically addressing potential exploitation scenarios involving WaveStore Server.
- Maintain up-to-date backups and test recovery procedures to mitigate potential data loss or service disruption.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: CERT-PL
- Date Reserved: 2025-11-17T09:20:09.472Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 694154d05e006677ae0dd860
Added to database: 12/16/2025, 12:47:12 PM
Last enriched: 12/23/2025, 1:26:29 PM
Last updated: 2/7/2026, 8:44:50 AM