CVE-2025-65076 is a path traversal vulnerability (CWE-22) affecting the WaveStore Server product. The vulnerability arises because the WaveView client allows execution of a restricted set of predefined commands and scripts on the connected WaveStore Server. Specifically, the ilog script, which is run with root privileges, does not properly limit pathname inputs, enabling an attacker with high privileges to manipulate file paths to access or delete arbitrary files on the server. This improper limitation of pathname inputs allows traversal outside intended directories, bypassing security controls. The vulnerability requires the attacker to already have high privileges on the system, but does not require user interaction or authentication bypass, making it relatively straightforward to exploit once access is obtained. The impact includes unauthorized reading or deletion of any file on the server, potentially leading to full system compromise or data loss. The issue was addressed and fixed in WaveStore Server version 6.44.44. The CVSS 4.0 base score is 8.6, reflecting high severity due to network attack vector, low attack complexity, no privileges required beyond high privileges, no user interaction, and high impact on confidentiality and integrity. No public exploits are currently known, but the vulnerability presents a significant risk to affected systems.

For European organizations, this vulnerability poses a serious risk to confidentiality and integrity of critical data stored on WaveStore Servers. Since the ilog script runs with root privileges, exploitation can lead to complete system compromise, unauthorized data access, or deletion, disrupting business operations. Organizations in sectors such as finance, healthcare, manufacturing, and government that rely on WaveStore Server for data storage and management could face operational downtime, regulatory non-compliance, and reputational damage. The ability to delete arbitrary files also raises the risk of ransomware or destructive attacks. Given the network attack vector and ease of exploitation by a high-privileged insider or attacker who has gained elevated access, the threat is significant. The lack of known exploits in the wild reduces immediate risk but does not diminish the urgency of patching. Failure to remediate could lead to targeted attacks, especially in critical infrastructure environments prevalent in Europe.

European organizations should immediately upgrade WaveStore Server installations to version 6.44.44 or later, where the vulnerability is fixed. Until patching is possible, restrict access to the WaveView client and WaveStore Server to trusted administrators only, employing network segmentation and strict access controls. Implement robust monitoring and logging of command executions on WaveStore Servers to detect suspicious activity related to the ilog script. Enforce the principle of least privilege to limit the number of users with high privileges capable of exploiting this vulnerability. Conduct regular audits of user privileges and review system configurations to ensure no unnecessary elevated access exists. Additionally, consider deploying file integrity monitoring solutions to detect unauthorized file deletions or modifications. Organizations should also prepare incident response plans to quickly address potential exploitation. Finally, maintain up-to-date backups of critical data to enable recovery in case of file deletion or corruption.