CVE-2025-15015 HIGH

CVE-2025-15015: Ragic｜Enterprise Cloud Database - Arbitrary File Read

Vendor Ragic

Product Enterprise Cloud Database

Weakness CWE-23

Published December 22, 2025

Last update December 22, 2025

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.

Key dates

02Disclosure timeline

December 22, 2025 CVE published

December 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-15015 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/23.html

Related vulnerabilities

04Related CVE

CVE-2024-50453 WordPress The Pack Elementor addons plugin <= 2.0.9 - Local File Inclusion vulnerability CVE-2025-58456 AutomationDirect Productivity Suite Relative Path Traversal CVE-2026-42085 OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames CVE-2024-30010 Windows Hyper-V Remote Code Execution Vulnerability CVE-2024-11315 TRCore DVC - Arbitrary File Upload through Path Traversal