CVE-2025-14253 MEDIUM

CVE-2025-14253: Galaxy Software Services|Vitals ESP - Arbitrary File Read

Vendor Galaxy Software Services
Product Vitals ESP
Weakness CWE-36
Published December 8, 2025
Last update December 8, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Vitals ESP developed by Galaxy Software Services has an Arbitrary File Read vulnerability, allowing privileged remote attackers to exploit Absolute Path Traversal to download arbitrary system files.

Key dates

02Disclosure timeline

December 8, 2025 CVE published
December 8, 2025 Record updated