CVE-2025-15577

7.5 HIGH

📋 TL;DR

An unauthenticated attacker can exploit this vulnerability by manipulating URLs to read arbitrary files from the Valmet DNA Web Tools server. This affects Valmet DNA Web Tools C2022 and older versions, potentially exposing sensitive configuration files, credentials, or other critical data.

💻 Affected Systems

Products:
  • Valmet DNA Web Tools
Versions: C2022 and older
Operating Systems: Windows (typically used with Valmet DNA systems)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations of Valmet DNA Web Tools C2022 and earlier. Systems must have the web interface accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through reading sensitive files like configuration files, passwords, or private keys, leading to further attacks on industrial control systems.

🟠

Likely Case

Unauthorized access to sensitive files containing configuration data, credentials, or proprietary information from the Valmet DNA system.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthenticated access to the vulnerable interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires URL manipulation but no authentication, making it relatively simple for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Contact Valmet for specific patched versions

Vendor Advisory: https://www.valmet.com/company/innovation/advisories/CVE-2025-15577/

Restart Required: No

Instructions:

1. Contact Valmet support for patched versions.
2. Apply the patch provided by Valmet.
3. Verify the fix by testing URL manipulation attempts.

🔧 Temporary Workarounds

Network Segmentation (all): Restrict access to the Valmet DNA Web Tools interface to authorized networks only.

Authentication Enforcement (all): Ensure all access to the web interface requires proper authentication.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the Valmet DNA Web Tools interface
  • Monitor for suspicious file access patterns in web server logs

🔍 How to Verify

Check if Vulnerable:

Attempt to access sensitive files via URL manipulation on the Valmet DNA Web Tools interface

Check Version:

Check Valmet DNA Web Tools version in the application interface or configuration files

Verify Fix Applied:

Test that URL manipulation no longer returns arbitrary files after applying patches

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in web server logs
  • Requests with path traversal patterns (../, ..\)

Network Indicators:

  • Unusual requests to Valmet DNA Web Tools with file path patterns

SIEM Query:

source="valmet_web_tools" AND (url="*../*" OR url="*..\*")
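As an added defensive example (not part of this advisory and not Valmet's code), the following Python scans constructed web-server log lines for the path traversal patterns listed above. It goes beyond the literal SIEM query by percent-decoding each request (twice, to catch double encoding) and folding backslashes, so `..%5c` and `%252e%252e%252f` variants are flagged alongside plain `../`; the log format, paths and addresses are all made up for the demonstration.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines in Common Log Format; not real Valmet DNA Web Tools logs.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /tools/view?file=report.html HTTP/1.1" 200 1024
10.0.0.9 - - [01/Jan/2025:10:00:01 +0000] "GET /tools/view?file=../../windows/win.ini HTTP/1.1" 200 92
10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /tools/view?file=..%5c..%5cconfig.xml HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /tools/view?file=%252e%252e%252fsecret.cfg HTTP/1.1" 404 0
10.0.0.7 - - [01/Jan/2025:10:00:04 +0000] "GET /tools/static/app.js HTTP/1.1" 200 2048
"""

# Captures client address, request target and HTTP status from a CLF line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')


def normalize_path(raw: str) -> str:
    """Percent-decode up to twice (catches %25-double encoding) and fold '\\' into '/'."""
    decoded = raw
    for _ in range(2):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def is_traversal(raw_path: str) -> bool:
    """True when any path or query segment is exactly '..' after normalization."""
    norm = normalize_path(raw_path)
    return any(seg == ".." for seg in re.split(r"[/?=&]", norm))


def find_traversal_requests(log_text: str) -> list[dict]:
    """Return one record per request whose target contains a traversal segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        src, path, status = m.groups()
        if is_traversal(path):
            hits.append({"src": src, "path": path, "status": int(status)})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

A 404 on a traversal attempt still deserves a look: the probe tells you someone is testing the interface even if that particular request failed.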
