CVE-2025-27718

Summary

CVE-2025-27718 is a path traversal vulnerability affecting the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. This issue allows an attacker to access or modify files on the product and potentially execute arbitrary code through a crafted HTTP request on the LAN side. The vulnerability stems from a failure to sufficiently restrict user input in the file upload process, making it possible for attackers to traverse beyond the intended directory. This poses a significant risk, particularly for organizations that utilize this product in their network environment. It is crucial for users to upgrade to a patched version or implement safeguards to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.