CVE-2023-7327 HIGH

CVE-2023-7327: Ozeki SMS Gateway <= 10.3.208 Unauthenticated Arbitrary File Read

Vendor Ozeki Ltd.
Product Ozeki SMS Gateway
Weakness CWE-22 · Path traversal
Published November 12, 2025
Last update April 7, 2026

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service, leading to disclosure of sensitive information.

Key dates

02Disclosure timeline

November 12, 2025 CVE published
April 7, 2026 Record updated