
CVE-2025-7975: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Anritsu ShockLine

High
Tags: Vulnerability, CVE-2025-7975, cve, cve-2025-7975, cwe-22
Published: Tue Sep 02 2025 (09/02/2025, 19:47:42 UTC)
Source: CVE Database V5
Vendor/Project: Anritsu
Product: ShockLine

Description

Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CHX files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-26913.

AI-Powered Analysis

AI analysis last updated: 09/02/2025, 20:18:11 UTC

Technical Analysis

CVE-2025-7975 is a high-severity vulnerability classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, commonly known as Path Traversal) affecting the Anritsu ShockLine product, specifically version 2023.7.5. The vulnerability arises from improper validation of user-supplied paths during the parsing of CHX files. A remote attacker who crafts a malicious CHX file and lures a user into opening it, or into visiting a malicious webpage that delivers it, can trigger the vulnerable file-parsing logic. Because the pathname taken from the file is not sufficiently sanitized, the attacker can traverse outside the intended restricted directory, enabling arbitrary file operations. This can lead to remote code execution (RCE) in the context of the current user, compromising the confidentiality, integrity, and availability of the affected system. The CVSS 3.0 base score is 7.8, indicating high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), but user interaction required (UI:R). The scope is unchanged (S:U), and the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no public exploits are currently known in the wild, the vulnerability was responsibly disclosed and published by ZDI (ZDI-CAN-26913). The lack of a patch link suggests that a fix may still be pending or in development. Organizations using Anritsu ShockLine 2023.7.5 should treat this vulnerability as critical to address because of the potential for remote code execution triggered by user interaction with malicious content.
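The root cause described above is a file name taken from the parsed file and used in a file operation without checking that it stays inside the intended output directory. The following is an added example, not Anritsu's ShockLine code (the CHX format itself is not documented on this page, so the entries are constructed and the parsing is simulated by a plain list of names). It shows the vulnerable join pattern next to a hardened containment check that rejects absolute paths, drive letters, UNC prefixes, `..` segments and, as a last line of defence, any canonical path that resolves outside the base directory.

```python
"""Path-containment check of the kind a CWE-22 bug lacks.

Added example, not vendor code. The base directory and the entry names
below are constructed for illustration; a real parser would read the
names out of the CHX container.
"""
from pathlib import Path, PurePosixPath, PureWindowsPath


class PathTraversalError(ValueError):
    """Raised when an entry name would escape the allowed output directory."""


def unsafe_output_path(base_dir: str, entry_name: str) -> Path:
    """The vulnerable pattern: trust the name from the file and join it.

    '..' segments walk out of base_dir, and an absolute entry name simply
    replaces base_dir (pathlib semantics), so the write lands anywhere.
    """
    return Path(base_dir) / entry_name


def safe_output_path(base_dir: str, entry_name: str) -> Path:
    """Hardened version: canonicalise and verify containment before any I/O."""
    if "\x00" in entry_name:
        raise PathTraversalError("NUL byte in entry name")

    # Interpret the name with Windows rules as well as POSIX rules so that
    # backslash separators, drive letters ("C:...") and UNC prefixes
    # ("\\\\server\\share") are recognised regardless of the host OS.
    win = PureWindowsPath(entry_name)
    if win.drive or win.root or PurePosixPath(entry_name).is_absolute():
        raise PathTraversalError(f"absolute path rejected: {entry_name!r}")

    parts = [p for p in win.parts if p not in ("", ".")]
    if ".." in parts:
        raise PathTraversalError(f"parent reference rejected: {entry_name!r}")

    base = Path(base_dir).resolve()
    candidate = base.joinpath(*parts).resolve()
    # Final containment check on the canonical path. This catches anything the
    # lexical filter missed, for example a symlink already present inside
    # base_dir that points elsewhere.
    if candidate != base and base not in candidate.parents:
        raise PathTraversalError(f"escapes {base}: {entry_name!r}")
    return candidate


def check_entries(base_dir: str, names: list) -> dict:
    """Classify each entry name: True if the hardened check accepts it."""
    verdicts = {}
    for name in names:
        try:
            safe_output_path(base_dir, name)
            verdicts[name] = True
        except PathTraversalError:
            verdicts[name] = False
    return verdicts


# Constructed sample entry names, not taken from a real CHX file.
SAMPLE_ENTRIES = [
    "traces/s11_magnitude.csv",      # ordinary relative name: accepted
    "subdir/./readme.txt",           # harmless '.' segment: accepted
    "..\\..\\outside.txt",           # Windows-style traversal: rejected
    "../../../../tmp/outside.txt",   # POSIX-style traversal: rejected
    "C:\\Windows\\System32\\x.dll",  # drive-letter absolute path: rejected
    "/etc/cron.d/job",               # POSIX absolute path: rejected
    "\\\\server\\share\\x.txt",      # UNC path: rejected
]

if __name__ == "__main__":
    base = "/srv/chx_out"  # constructed output directory
    for name, ok in check_entries(base, SAMPLE_ENTRIES).items():
        print(f"{'ACCEPT' if ok else 'REJECT':6}  {name!r}")
    print("unsafe join of absolute name ->",
          unsafe_output_path(base, "/etc/cron.d/job"))
```

The lexical checks come first because they give a precise error message and never touch the filesystem; the `resolve()`-based comparison is kept anyway, since it is the only check that accounts for symlinks and for whatever the platform's own canonicalisation does. The same pattern applies to any parser that turns names embedded in an input file into paths, which is the class of defect CWE-22 describes.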

Potential Impact

For European organizations, the impact of CVE-2025-7975 can be significant, especially for those in telecommunications, network testing, and infrastructure sectors where Anritsu ShockLine is deployed. Successful exploitation could lead to unauthorized code execution, allowing attackers to gain control over affected systems, steal sensitive data, disrupt operations, or use compromised machines as pivot points for further network intrusion. Given the high confidentiality, integrity, and availability impact, critical infrastructure and enterprises relying on ShockLine for network diagnostics and testing could face operational downtime, data breaches, or sabotage. The requirement for user interaction (opening a malicious file or visiting a malicious page) means that social engineering or phishing campaigns could be leveraged to exploit this vulnerability. This elevates the risk in environments with less stringent user awareness or insufficient endpoint protections. Additionally, the lack of a patch increases exposure time, making timely mitigation crucial to prevent exploitation.

Mitigation Recommendations

1. Immediate mitigation should include restricting user access to ShockLine installations and limiting the opening of untrusted CHX files.
2. Implement strict network segmentation to isolate ShockLine systems from general user networks and internet-facing segments to reduce exposure.
3. Employ endpoint protection solutions capable of detecting and blocking suspicious file operations or exploitation attempts related to path traversal.
4. Conduct user awareness training focusing on phishing and social engineering risks to reduce the likelihood of user interaction with malicious content.
5. Monitor logs and system behavior for unusual file access patterns or unexpected process executions related to ShockLine.
6. Coordinate with Anritsu for timely patch deployment once available; meanwhile, consider applying any vendor-provided workarounds or configuration changes that limit file parsing capabilities or enforce stricter input validation.
7. Use application whitelisting to restrict execution of unauthorized code on systems running ShockLine.
8. Regularly audit and update security policies governing file handling and software usage within the organization.


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2025-07-21T19:47:04.431Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 68b74d68ad5a09ad00e846ac

Added to database: 9/2/2025, 8:02:48 PM

Last enriched: 9/2/2025, 8:18:11 PM

Last updated: 9/2/2025, 8:47:48 PM

