CVE-2025-25539

6.5 MEDIUM

📋 TL;DR

A Local File Inclusion vulnerability in Vasco v3.14 and earlier allows remote attackers to read sensitive files on the server through the help menu functionality. This affects all systems running vulnerable versions of Vasco software. Attackers can potentially access configuration files, credentials, or other sensitive data.

💻 Affected Systems

Products:
  • Vasco
Versions: v3.14 and earlier
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the vulnerable help menu functionality are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through reading sensitive configuration files containing credentials, followed by lateral movement or data exfiltration.

🟠 Likely Case: Information disclosure of sensitive files, potentially exposing credentials, configuration details, or proprietary data.

🟢 If Mitigated: Limited impact with proper file permissions and network segmentation preventing access to critical system files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available in provided references demonstrates trivial exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Monitor vendor for updates and apply immediately when released.

🔧 Temporary Workarounds

Disable help menu functionality (platform: all)

Remove or disable the vulnerable help menu component to prevent exploitation.

# Consult Vasco documentation for disabling specific modules

Implement input validation (platform: all)

Add strict input validation to filter file path parameters.

# Implement server-side validation for all file path inputs

🧯 If You Can't Patch

  • Implement strict file system permissions to limit accessible directories
  • Deploy web application firewall with LFI protection rules

🔍 How to Verify

Check if Vulnerable:

Test if help menu accepts file path parameters and can read system files like /etc/passwd

Check Version:

Run vasco --version, or check the configuration files for version information.

Verify Fix Applied:

Verify that the help menu no longer accepts file path parameters, or that it returns an error for directory traversal attempts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file path requests in help menu logs
  • Multiple failed attempts to access system files

Network Indicators:

  • HTTP requests with file path parameters to help endpoints
  • Patterns of directory traversal sequences

SIEM Query:

source="vasco_logs" AND (url="*help*" AND (param="*../*" OR param="*..\\*"))
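The SIEM query above only matches literal "../" and "..\" sequences. As an added example (not part of this advisory or of Vasco), the following checker applies the same rule to sample log lines and goes one step further by percent-decoding values until stable, so single- and double-encoded traversal (e.g. %2e%2e%2f, %252e%252e%252f) is also caught. The log format and the field names are assumptions for this example; the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample log lines in a generic combined-log style; these are not real
# Vasco logs, and the field layout is an assumption made for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2025:10:00:01 +0000] "GET /help?page=intro HTTP/1.1" 200 512
10.0.0.7 - - [01/Mar/2025:10:00:02 +0000] "GET /help?page=../../../../etc/passwd HTTP/1.1" 200 1843
10.0.0.7 - - [01/Mar/2025:10:00:03 +0000] "GET /help?page=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 0
10.0.0.7 - - [01/Mar/2025:10:00:04 +0000] "GET /help?page=%252e%252e%252fwindows%252fwin.ini HTTP/1.1" 404 0
10.0.0.9 - - [01/Mar/2025:10:00:05 +0000] "GET /docs?file=..\\..\\boot.ini HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r"(?:^|/)\.\.(?:/|$)")


def normalize(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (catches double encoding) and fold backslashes to '/'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def has_traversal(value: str) -> bool:
    """True if the normalized value contains a '..' path segment."""
    return TRAVERSAL_RE.search(normalize(value)) is not None


def scan(log_text: str) -> list:
    """Return (client_ip, raw_url) for help-endpoint requests carrying traversal sequences."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("url"))
        if "help" not in parts.path.lower():
            continue  # mirrors url="*help*" in the advisory's SIEM query
        # Check the path itself and every query parameter value.
        candidates = [parts.path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        if any(has_traversal(c) for c in candidates):
            hits.append((m.group("ip"), m.group("url")))
    return hits
```

Running scan(SAMPLE_LOG) flags the three /help requests from 10.0.0.7 (plain, single-encoded and double-encoded traversal) and ignores the /docs request, which the help-endpoint filter excludes.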

🔗 References
