CVE-2025-65076 is a path traversal vulnerability classified under CWE-22 affecting the WaveStore Server product. The vulnerability exists in the ilog script, which is executed with root privileges by the WaveView client. Although the client restricts users to a predefined set of commands and scripts, the ilog script fails to properly sanitize or limit pathname inputs, allowing an attacker with high privileges to traverse directories and access or delete arbitrary files on the server. This can lead to unauthorized disclosure, modification, or destruction of critical system or application files. The vulnerability is exploitable remotely over the network without user interaction, but requires the attacker to already have high privileges on the system. The flaw affects all versions prior to 6.44.44, which contains the patch. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N) indicates network attack vector, low attack complexity, no authentication bypass, but requires high privileges, and results in high confidentiality and integrity impact with limited availability impact. No known exploits have been reported in the wild, but the severity and root-level execution context make this a critical patching priority for affected organizations.

For European organizations, exploitation of this vulnerability could lead to severe consequences including unauthorized access to sensitive files, deletion of critical data, and potential disruption of services hosted on WaveStore Servers. Given that the ilog script runs with root privileges, attackers could compromise system integrity and confidentiality, potentially leading to data breaches involving personal or business-critical information. This could result in regulatory non-compliance under GDPR due to data exposure or loss. The ability to delete files also raises availability concerns, possibly causing downtime or loss of operational capabilities. Organizations relying on WaveStore Server for storage or data management in sectors such as finance, healthcare, or government are particularly at risk. The lack of known exploits in the wild currently reduces immediate risk but does not diminish the urgency of remediation, as attackers could develop exploits given the public disclosure.

European organizations using WaveStore Server should immediately verify their version and upgrade to 6.44.44 or later, where the vulnerability is patched. Until patching is possible, restrict access to the WaveView client and server to trusted administrators only, and monitor for unusual file access or deletion activities. Implement strict privilege management to ensure only necessary users have high privileges required to exploit this vulnerability. Employ network segmentation and firewall rules to limit exposure of WaveStore Servers to untrusted networks. Conduct regular audits of server logs to detect attempts to exploit path traversal or unauthorized script execution. Additionally, consider deploying host-based intrusion detection systems (HIDS) to alert on suspicious file system operations. Finally, review and harden script execution policies to prevent unauthorized command execution beyond the predefined safe set.