CVE-2025-65075 is a path traversal vulnerability classified under CWE-22 found in the WaveStore Server product. The vulnerability exists in the WaveView client-server interaction, where the client can execute a restricted set of predefined commands and scripts on the connected WaveStore Server. Specifically, the 'alog' script does not properly sanitize or limit pathname inputs, allowing an attacker with high privileges on the server to perform path traversal attacks. This enables the attacker to read or delete arbitrary files on the server with the permissions of the 'dvr' user, which is the user context under which the WaveStore Server operates. The vulnerability does not require user interaction and can be exploited remotely over the network (AV:N), with low attack complexity (AC:L), and no authentication required beyond high privileges (PR:H). The impact on confidentiality and integrity is low to moderate, as the attacker can access or delete files but only with the 'dvr' user permissions, which may limit the scope of damage. Availability impact is none. The vulnerability was fixed in version 6.44.44 of WaveStore Server. No known exploits have been reported in the wild as of now. The CVSS v4.0 base score is 5.1, indicating a medium severity level. The vulnerability was assigned and published by CERT-PL in December 2025.

For European organizations, the impact of CVE-2025-65075 depends largely on the deployment of WaveStore Server in their infrastructure. Organizations using WaveStore for video recording, surveillance, or DVR-related services could face unauthorized file access or deletion, potentially disrupting video data integrity or availability. Although exploitation requires high privileges, an attacker who has already compromised an account with elevated rights could leverage this vulnerability to escalate their access or cover tracks by deleting logs or critical files. This could impact sectors such as public safety, transportation, utilities, and private enterprises relying on video surveillance. The confidentiality of stored video data or configuration files could be compromised, and integrity affected by unauthorized deletions. However, the limited permissions of the 'dvr' user and absence of privilege escalation reduce the overall risk. The lack of known exploits in the wild lowers immediate threat but does not eliminate future risk. Organizations failing to update to the patched version remain vulnerable to potential targeted attacks.

To mitigate CVE-2025-65075, European organizations should immediately upgrade WaveStore Server to version 6.44.44 or later, where the vulnerability is fixed. Restrict access to the WaveStore Server to only trusted administrators and limit the number of users with high privileges to reduce the attack surface. Implement strict access controls and monitoring on the 'dvr' user account to detect unusual file access or deletion activities. Employ network segmentation to isolate WaveStore Servers from untrusted networks and apply intrusion detection systems to monitor for suspicious command executions related to the 'alog' script. Regularly audit and review logs for signs of exploitation attempts. Additionally, consider application-layer filtering or input validation enhancements if custom scripts or integrations exist. Maintain up-to-date backups of critical video and configuration data to enable recovery in case of data deletion. Finally, educate system administrators about the vulnerability and the importance of applying patches promptly.