CVE-2025-48496 MEDIUM

CVE-2025-48496: Emerson ValveLink Products Uncontrolled Search Path Element

Vendor Emerson
Product ValveLink SOLO
Weakness CWE-427
Published July 10, 2025
Last update July 11, 2025

CVSS base score

5.1/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Key dates

02Disclosure timeline

July 10, 2025 CVE published
July 11, 2025 Record updated