CVE-2025-37098NVD

Vulnerability Summary

A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.

Severity Level

HIGH(7.5)

Published Date

Jul 1, 2025

Last Modified

Jul 10, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-22: Path Traversal ↗

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone

External References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04878en_us&docLocale=en_US