CVE-2025-28354
📋 TL;DR
This vulnerability allows attackers to perform directory traversal attacks via crafted POST requests in Entrust Corp Printer Manager. Attackers can potentially access or manipulate files outside the intended directory. Organizations using Entrust Printer Manager D3.18.4-3 and earlier versions are affected.
💻 Affected Systems
- Entrust Corp Printer Manager
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive system files, write malicious files to arbitrary locations, or potentially achieve remote code execution by overwriting critical files.
Likely Case
Attackers can read configuration files containing credentials or sensitive information, potentially leading to further system compromise.
If Mitigated
With proper network segmentation and access controls, impact is limited to the printer management system itself.
🎯 Exploit Status
The vulnerability requires only a crafted POST request, making exploitation straightforward.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: D3.18.4-4 or later
Vendor Advisory: https://www.entrust.com/sites/default/files/documentation/productsupport/entrust-security-bulletin-e25-002.pdf
Restart Required: Yes
Instructions:
1. Download the latest version from Entrust support portal.
2. Back up the current configuration.
3. Install the update following vendor instructions.
4. Restart the Printer Manager service.
🔧 Temporary Workarounds
Network Access Restriction
Restrict network access to the Printer Manager interface to trusted IP addresses only (Linux):
iptables -A INPUT -p tcp --dport [PRINTER_MANAGER_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [PRINTER_MANAGER_PORT] -j DROP
Web Application Firewall
Deploy a WAF with directory traversal protection rules (all platforms).
🧯 If You Can't Patch
- Isolate the Printer Manager system in a separate network segment with strict access controls.
- Implement file integrity monitoring on critical system directories to detect unauthorized changes.
🔍 How to Verify
Check if Vulnerable:
Check the version in Printer Manager web interface or configuration files. Versions D3.18.4-3 and earlier are vulnerable.
Check Version:
Check web interface or configuration file for version string.
Verify Fix Applied:
Verify the version is D3.18.4-4 or later and confirm that directory traversal attempts return proper error responses.
📡 Detection & Monitoring
Log Indicators:
- POST requests containing '../' sequences
- Access to files outside expected printer directories
- Unusual file access patterns
Network Indicators:
- HTTP POST requests with directory traversal payloads to printer manager endpoints
SIEM Query:
source="printer_manager" AND (http_method="POST" AND (url="*../*" OR body="*../*"))
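The query above matches only the literal '../' string, so percent-encoded or backslash forms of the same sequence pass unnoticed. The Python sketch below is an added example, not code from Entrust or from the advisory: it percent-decodes the url and body fields before matching and reports which hits the literal query would also have caught. The JSON-lines log layout, the /example/... paths and the sample events are constructed assumptions; only the field names come from the query above.

```python
import json
import re
from urllib.parse import unquote

# ".." followed by a path separator, or a value that ends in "<separator>.."
TRAVERSAL = re.compile(r"\.\.[\\/]|[\\/]\.\.$")
MAX_DECODE_ROUNDS = 3  # enough to unwrap double and triple percent-encoding

# Constructed sample events (assumed JSON-lines layout, hypothetical paths).
SAMPLE_LOG = r"""{"http_method": "POST", "url": "/example/endpoint", "body": "name=badge.png"}
{"http_method": "POST", "url": "/example/endpoint", "body": "name=../../conf/settings.xml"}
{"http_method": "POST", "url": "/example/endpoint", "body": "name=%2e%2e%2fconf%2fsettings.xml"}
{"http_method": "POST", "url": "/example/endpoint?dir=%252e%252e%252f", "body": ""}
{"http_method": "POST", "url": "/example/endpoint", "body": "name=..\\..\\conf"}
{"http_method": "GET", "url": "/example/status", "body": ""}
"""

def normalize(value):
    """Percent-decode repeatedly; unquote() is a no-op once the value is stable."""
    for _ in range(MAX_DECODE_ROUNDS):
        value = unquote(value)
    return value

def literal_hit(event):
    """The SIEM query as written: literal '../' in the url or body of a POST."""
    return event.get("http_method") == "POST" and any(
        "../" in (event.get(field) or "") for field in ("url", "body"))

def decoded_hit(event):
    """Same scope (POST, url or body), but matched after decoding."""
    return event.get("http_method") == "POST" and any(
        TRAVERSAL.search(normalize(event.get(field) or ""))
        for field in ("url", "body"))

def scan(log_text):
    """Return (line_number, caught_by_literal_query) for every flagged event."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if isinstance(event, dict) and decoded_hit(event):
            findings.append((number, literal_hit(event)))
    return findings

if __name__ == "__main__":
    for number, literal in scan(SAMPLE_LOG):
        print(f"line {number}: traversal sequence (literal query matches: {literal})")
```

On the constructed sample, four POST events are flagged and only one of them would have matched the literal query.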