QwikSec

Security Database

CVE

CWE

Training

CVE-2025-27615

Published: Mar 10, 2025

Modified: Mar 10, 2025

PUBLISHED

CVSS v3.1

8.2

HIGH

Description

umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit 5d81a3412bc0051754a3095d89a06d6d743f2b16 uses `127.0.0.1:8080:8080` to limit access to the local network. For those who are unable to use this proposed patch, a firewall on Port 8080 may block remote access, but the workaround may not be perfect because Docker may also bypass a firewall by its iptable based rules for port forwarding.

Vendor	Product	Versions
umati	umatiGateway	affected `< 5d81a3412bc0051754a3095d89a06d6d743f2b16`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

References

https://github.com/umati/umatiGateway/security/advisories/GHSA-qf9w-x9qx-2mq7

x_refsource_CONFIRM

https://github.com/umati/umatiGateway/pull/101

x_refsource_MISC

https://github.com/umati/umatiGateway/commit/5d81a3412bc0051754a3095d89a06d6d743f2b16

x_refsource_MISC

https://github.com/umati/umatiGateway/blob/abe73096a17307327f0d6dc0ed4db1fb93464521/README.md?plain=1#L34-L35

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.