CVE-2025-10461 MEDIUM

CVE-2025-10461: Global file reads caused by improper URL checks in webserver

Vendor Softing

Product smartLink SW-HT

Weakness CWE-20 · Input validation

Published March 16, 2026

Last update March 27, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/R:A/RE:L/U:Green

What the vulnerability does

01Description

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03.

Key dates

02Disclosure timeline

March 16, 2026 CVE published

March 27, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-10461

Related vulnerabilities

Identifiers

CVE CVE-2025-10461

CWE CWE-20

CVSS 5.3 / MEDIUM

Affected versions

Vendor Softing

Product smartLink SW-HT

Affected ≤ 1.42

Vendor Softing

Product smartLink SW-PN

Affected ≤ 1.03

CVE-2025-10461: Global file reads caused by improper URL checks in webserver

01Description

02Disclosure timeline

03References

04Related CVE