CVE-2025-67115 is a path traversal vulnerability identified in the Small Cell Sercomm SCE4255W device, specifically in the firmware versions prior to DG3934v3@2308041842. The flaw exists in the /ftl/web/setup.cgi component, where the log_type parameter in the /logsave.htm endpoint is improperly sanitized. This allows a remote attacker with valid authentication credentials to craft malicious input that traverses the filesystem directory structure, enabling them to read arbitrary files outside the intended directory scope. The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). The attack vector is network-based (AV:N), requires low attack complexity (AC:L), and requires privileges (PR:L) but no user interaction (UI:N). The impact is high on confidentiality (C:H) but does not affect integrity or availability. Although no public exploits have been reported yet, the vulnerability poses a significant risk due to the sensitive nature of files that could be exposed, including configuration files, credentials, or logs. The affected device is commonly used in small cell deployments to extend cellular coverage, often integrated into FreedomFi networks, which are gaining traction in various regions. The lack of a patch link suggests that a fix may be pending or in development, emphasizing the need for vigilance and interim protective measures.

The primary impact of this vulnerability is unauthorized disclosure of sensitive information stored on the affected device. Attackers who successfully exploit this flaw can access configuration files, credentials, or other sensitive data that could facilitate further attacks, such as privilege escalation or network infiltration. Since the device is used in cellular small cell infrastructure, compromise could affect network reliability and user privacy. Organizations deploying these devices risk exposure of internal network details and potentially customer data. Although the vulnerability does not allow code execution or denial of service, the confidentiality breach alone can have serious consequences, including regulatory compliance violations and erosion of trust. The requirement for authentication limits the attack surface but does not eliminate risk, especially in environments where credentials may be weak, reused, or compromised. The absence of known exploits in the wild currently reduces immediate risk but does not preclude future exploitation. Overall, the vulnerability could undermine the security posture of cellular network providers and enterprises relying on these devices for coverage extension.

1. Immediately verify the firmware version of all Small Cell Sercomm SCE4255W devices and plan to upgrade to DG3934v3@2308041842 or later once the patch is officially released. 2. Restrict access to device management interfaces (including /logsave.htm and /ftl/web/setup.cgi) to trusted networks and authorized personnel only, using network segmentation and firewall rules. 3. Enforce strong authentication mechanisms, including unique, complex passwords and multi-factor authentication where supported, to reduce the risk of credential compromise. 4. Monitor device logs and network traffic for unusual access patterns or attempts to exploit path traversal vulnerabilities. 5. If patching is delayed, consider deploying web application firewalls (WAFs) or intrusion prevention systems (IPS) with custom rules to detect and block suspicious log_type parameter values indicative of path traversal attempts. 6. Conduct regular security audits and vulnerability assessments on network infrastructure devices to identify and remediate similar issues proactively. 7. Educate administrators about the risks of path traversal vulnerabilities and the importance of timely patching and access control.