{"cve":{"cve_id":"CVE-2025-53880","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.0024,"epss_percentile":0.14876,"epss_as_of":"2026-06-23","description":"A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.","published_at":"2025-10-30T10:31:15.866000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":8.7,"cvss_v4_vector":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","cvss_v4_severity":"HIGH","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-35"],"nvd_references":["https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53880"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:27:31.918367Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"A","value_label":"Adjacent"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"H","value_label":"High"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"H","value_label":"High"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"}]},"affected":[{"vendor_slug":"suse","vendor_name":"SUSE","product_slug":"container-suse-manager-4.3-proxy-httpd-latest","product_name":"Container suse/manager/4.3/proxy-httpd:latest","version_start":"?","version_start_inclusive":true,"version_end":"4.3.11-150400.3.15.3","version_end_inclusive":false,"cpe23_uri":"cve5:suse:container-suse-manager-4.3-proxy-httpd-latest:?:4.3.11-150400.3.15.3"},{"vendor_slug":"suse","vendor_name":"SUSE","product_slug":"container-suse-manager-5.0-x86-64-proxy-httpd-latest","product_name":"Container suse/manager/5.0/x86_64/proxy-httpd:latest","version_start":"?","version_start_inclusive":true,"version_end":"5.0.3-150600.3.6.4","version_end_inclusive":false,"cpe23_uri":"cve5:suse:container-suse-manager-5.0-x86-64-proxy-httpd-latest:?:5.0.3-150600.3.6.4"},{"vendor_slug":"suse","vendor_name":"SUSE","product_slug":"container-suse-multi-linux-manager-5.1-x86-64-proxy-httpd-latest","product_name":"Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:latest","version_start":"?","version_start_inclusive":true,"version_end":"5.1.3-150700.3.3.3","version_end_inclusive":false,"cpe23_uri":"cve5:suse:container-suse-multi-linux-manager-5.1-x86-64-proxy-httpd-latest:?:5.1.3-150700.3.3.3"},{"vendor_slug":"suse","vendor_name":"SUSE","product_slug":"suse-manager-proxy-lts-4.3","product_name":"SUSE Manager Proxy LTS 4.3","version_start":"?","version_start_inclusive":true,"version_end":"4.3.11-150400.3.15.3","version_end_inclusive":false,"cpe23_uri":"cve5:suse:suse-manager-proxy-lts-4.3:?:4.3.11-150400.3.15.3"}],"exploit_refs":[],"news":[],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-53880","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-10-30T10:31:15.866000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:47:42.774556Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:42.774556Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:42.774556Z","label":"CVSS score revised","source":"cvelistv5"}]}