{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67115", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-24T01:26:02.991Z", "dateReserved": "2025-12-08T00:00:00.000Z", "datePublished": "2026-03-19T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-19T17:27:14.374Z"}, "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the log_type parameter to /logsave.htm."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood"}, {"url": "https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf"}, {"url": "https://freedomfi.com/index.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T01:24:23.082753Z", "id": "CVE-2025-67115", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T01:26:02.991Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-67115", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T01:24:23.082753Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T01:25:35.882Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood"}, {"url": "https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf"}, {"url": "https://freedomfi.com/index.html"}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the log_type parameter to /logsave.htm."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-19T17:27:14.374Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67115", "state": "PUBLISHED", "dateUpdated": "2026-03-24T01:26:02.991Z", "dateReserved": "2025-12-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-19T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files from the filesystem via crafted values in the log_type parameter to /logsave.htm."}, {"lang": "es", "value": "Una vulnerabilidad de salto de ruta en /ftl/web/setup.cgi en el firmware de Small Cell Sercomm SCE4255W (FreedomFi Englewood) anterior a DG3934v3@2308041842 permite a usuarios remotos autenticados leer archivos arbitrarios del sistema de archivos mediante valores manipulados en el par\u00e1metro log_type a /logsave.htm."}], "id": "CVE-2025-67115", "lastModified": "2026-03-24T02:16:04.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-19T18:16:15.820", "references": [{"source": "cve@mitre.org", "url": "https://fcc.report/FCC-ID/P27-SCE4255W/4790935.pdf"}, {"source": "cve@mitre.org", "url": "https://freedomfi.com/index.html"}, {"source": "cve@mitre.org", "url": "https://neroteam.com/blog/freedomfi-sercomm-sce4255w-englewood"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,DG3934v3@2308041842)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "sercomm_sce4255w", "vendor": "freedomfi"}], "analysis": {"en": {"generated_at": "2026-03-24T03:27:43.444173+00:00", "value": {"mitigation_remediation": ["Update the device firmware to DG3934v3 or later, or any official patch released by Sercomm.", "If an update cannot be applied, block or restrict direct access to the /ftl/web/setup.cgi and /logsave.htm paths using network segmentation or firewall rules.", "Enforce strong, unique credentials for device administrators and regularly audit user accounts.", "Monitor device logs for abnormal log_type parameter values that may indicate exploitation attempts."], "summary": {"action": "Apply Update", "impact": "Remote Data Disclosure"}, "threat_synthesis": {"affected_systems": "The issue covers Sercomm\u2019s FreedomFi Englewood small\u2011cell module, the SCE4255W unit, and affects all firmware revisions prior to DG3934v3@2308041842. Any deployment using a vulnerable firmware version is subject to the described weakness.", "description_and_impact": "A firmware flaw in the Small Cell Sercomm SCE4255W, accessed through /ftl/web/setup.cgi, permits authenticated remote users to manipulate the log_type query string to /logsave.htm and read any file on the device. This path traversal vulnerability, classified as CWE\u201122, exposes system files and credentials to unauthorized disclosure.", "risk_and_exploitability": "The CVSS base score of 6.5 indicates a moderate severity and the EPSS score below 1\u200a% suggests low current exploitation probability. Although the flaw is not listed in the CISA KeV catalog, it can still be leveraged by anyone who obtains valid administrative credentials and attempts to read sensitive system files. The main attack vector is remote authenticated access to the device, so restricting or disabling local administrative accounts and applying the latest firmware can eliminate the risk."}}}}, "created": "2026-03-20T08:58:03.588881+00:00", "title": "Path Traversal in Sercomm SCE4255W Setup CGI Enables File Disclosure", "updated": "2026-03-25T11:51:40.665723+00:00", "vendors": ["freedomfi", "freedomfi$PRODUCT$sercomm_sce4255w"]}