CVE-2025-10461

EUVD-2025-208725
Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access.



This issue affects

smartLink SW-HT: through 1.42

smartLink SW-PN: through 1.03.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
SoftingCNA
5.3 MEDIUM
NETWORK
LOW
LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/RE:L/U:Green
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
softingsmartlink_sw-ht
𝑥
≤ 1.42
CNA
softingsmartlink_sw-ht
𝑥
≤ 1.3
CNA
Common Weakness Enumeration
References
https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.html
https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-10461.json