CVE-2025-27920

unknown KEV

Published 2025-05-19 · Modified 2025-05-19

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.

CISA KEV

Vendor: Srimax
Product: Output Messenger
Due date: 2025-06-09

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://www.outputmessenger.com/cve-2025-27920/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-27920

Exploits

References

https://www.outputmessenger.com/cve-2025-27920/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-27920

Verify integrity in audit chain (admin only). AS-IS.