
CVE-2025-9570: CWE-23 Relative Path Traversal in Sunnet eHRD CTMS

Medium
Tags: vulnerability, CVE-2025-9570, CWE-23
Published: Mon Sep 01 2025 (09/01/2025, 02:46:39 UTC)
Source: CVE Database V5
Vendor/Project: Sunnet
Product: eHRD CTMS

Description

The eHRD CTMS developed by Sunnet has an Arbitrary File Reading vulnerability, allowing remote attackers with administrator privileges to exploit Relative Path Traversal to download arbitrary system files.

AI-Powered Analysis

Last updated: 09/01/2025, 03:32:56 UTC

Technical Analysis

CVE-2025-9570 is a medium-severity vulnerability classified under CWE-23 (Relative Path Traversal) affecting the Sunnet eHRD CTMS (Clinical Trial Management System). This vulnerability allows remote attackers who already possess administrator privileges to exploit a relative path traversal flaw to read arbitrary files on the underlying system. The flaw arises because the application fails to properly sanitize or validate file path inputs, enabling traversal sequences (e.g., '../') to access files outside the intended directory scope. The vulnerability does not require user interaction and can be exploited remotely over the network with low attack complexity, but it does require the attacker to have administrative privileges within the application. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) indicates network attack vector, low complexity, no user interaction, but requires high privileges. The impact is primarily on confidentiality, as arbitrary system files can be read, potentially exposing sensitive data or configuration files. There is no indication of integrity or availability impact. No known exploits are reported in the wild yet, and no patches have been linked at the time of publication. The affected version is listed as "0," which likely indicates an initial or unspecified version, suggesting that the vulnerability may affect all current versions of the product unless patched. The vulnerability was published on September 1, 2025, and assigned by the Taiwan Cybersecurity Incident Response Team (twcert).

Potential Impact

For European organizations using Sunnet's eHRD CTMS, this vulnerability poses a significant confidentiality risk. Clinical Trial Management Systems handle sensitive clinical data, including patient information, trial protocols, and regulatory documents. Unauthorized reading of system files could lead to exposure of protected health information (PHI), intellectual property, or system credentials, potentially violating GDPR and other data protection regulations. Although exploitation requires administrative privileges, insider threats or compromised admin accounts could leverage this vulnerability to escalate data exfiltration capabilities. The lack of integrity or availability impact limits the threat to data leakage rather than system disruption. However, the exposure of configuration or credential files could facilitate further attacks. Given the critical nature of clinical trial data and regulatory scrutiny in Europe, this vulnerability could lead to reputational damage, regulatory fines, and operational setbacks if exploited.

Mitigation Recommendations

1. Immediate mitigation should focus on restricting administrative access to the eHRD CTMS to trusted personnel only, employing strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of compromised admin accounts.
2. Network segmentation and access controls should be implemented to limit exposure of the CTMS to only necessary internal networks and trusted endpoints.
3. Monitor and audit administrative activities within the CTMS for unusual file access patterns that may indicate exploitation attempts.
4. Since no patches are currently linked, organizations should contact Sunnet for official remediation or apply any vendor-recommended workarounds.
5. Implement application-layer input validation and sanitization controls to prevent path traversal sequences in file path parameters.
6. Employ host-based intrusion detection systems (HIDS) to detect abnormal file access on the server hosting the CTMS.
7. Regularly review and update system and application logs to detect potential exploitation.
8. Prepare incident response plans specifically addressing potential data breaches involving clinical trial data to ensure rapid containment and notification if exploitation occurs.
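The following is an added example, not Sunnet's code and not taken from the advisory, illustrating two of the points above: the naive path join that produces a CWE-23 flaw beside a hardened resolver that confines downloads to a base directory (recommendation 5), and a log check that flags traversal sequences in a file-path parameter, including percent-encoded and double-encoded forms (recommendations 3 and 7). The export directory, the `file=` parameter name and the access-log lines are all constructed assumptions.

```python
"""Added example (not Sunnet's code): safe download-path resolution
and a log check for relative path traversal.  BASE_DIR, the `file=`
parameter and the log format are assumptions, not from the advisory."""
import os
import posixpath
import re
from urllib.parse import unquote

# Assumed directory that a download endpoint is meant to serve from.
BASE_DIR = "/srv/ctms/exports"


def resolve_unsafe(base_dir, requested):
    """The construct behind a relative path traversal bug: the user-supplied
    name is joined onto the base directory and normalised, so '../' segments
    simply walk out of base_dir.  Shown only as the 'before' form."""
    return os.path.normpath(os.path.join(base_dir, requested))


def resolve_safe(base_dir, requested):
    """Hardened resolver: decode once (as the web layer would), reject empty
    names, NUL bytes and absolute paths, then require the canonical result
    to lie inside base_dir.  Raises ValueError on anything that escapes."""
    candidate = unquote(requested)
    if not candidate or "\x00" in candidate:
        raise ValueError("empty name or NUL byte in requested path")
    candidate = candidate.replace("\\", "/")  # treat backslashes as separators too
    if posixpath.isabs(candidate) or re.match(r"^[A-Za-z]:", candidate):
        raise ValueError("absolute path rejected")
    base = os.path.realpath(base_dir)
    full = os.path.realpath(os.path.join(base, candidate))
    # commonpath compares whole components, so a sibling directory that merely
    # shares the prefix (e.g. 'exports-old') is rejected as well.
    if os.path.commonpath([base, full]) != base:
        raise ValueError("path traversal rejected")
    return full


def is_allowed(base_dir, requested):
    """Boolean wrapper around resolve_safe for policy checks and tests."""
    try:
        resolve_safe(base_dir, requested)
        return True
    except ValueError:
        return False


# Constructed access-log lines in an assumed "user method path" format.
SAMPLE_LOG = [
    "admin01 GET /download?file=reports/2025/trial_sites.csv",
    "admin01 GET /download?file=../../../../etc/passwd",
    "admin02 GET /download?file=..%2F..%2Fweb.config",
    "admin02 GET /download?file=%252e%252e%252fappsettings.json",
    "auditor GET /download?file=protocols/P-17/summary.pdf",
]

# A '..' segment bounded by separators (or start/end of string).
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are caught,
    then fold backslashes into forward slashes."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def flag_traversal(lines):
    """Return (user, raw_file_param) for each request whose file parameter
    contains a traversal segment after decoding."""
    hits = []
    for line in lines:
        user, _method, url = line.split(" ", 2)
        match = re.search(r"[?&]file=([^&\s]*)", url)
        if match and TRAVERSAL.search(fully_decode(match.group(1))):
            hits.append((user, match.group(1)))
    return hits


if __name__ == "__main__":
    print("unsafe join yields:", resolve_unsafe(BASE_DIR, "../../../etc/passwd"))
    print("safe resolver allows report:", is_allowed(BASE_DIR, "reports/2025/trial.csv"))
    print("safe resolver blocks traversal:", not is_allowed(BASE_DIR, "../../../etc/passwd"))
    for user, param in flag_traversal(SAMPLE_LOG):
        print(f"suspicious download by {user}: file={param}")
```

The resolver deliberately checks the canonical (`realpath`) result rather than just stripping `..` from the input, so encoded variants, mixed separators and symlinked directories are all judged by where the path actually lands. The log check decodes up to three times before matching, since a single decode misses `%252e%252e` style double encoding.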


Technical Details

Data Version
5.1
Assigner Short Name
twcert
Date Reserved
2025-08-28T05:43:10.431Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68b51053ad5a09ad00c7d0cd

Added to database: 9/1/2025, 3:17:39 AM

Last enriched: 9/1/2025, 3:32:56 AM

Last updated: 9/1/2025, 4:38:34 AM
