QwikSec

Security Database

CVE

CWE

Training

CVE-2025-65075

Published: Dec 16, 2025

Modified: Dec 16, 2025

PUBLISHED

Description

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, with the permissions of dvr user, on the server using path traversal in the alog script. This issue was fixed in version 6.44.44

Vendor	Product	Versions
WaveStore	WaveStore Server	affected `0 - < 6.44.44`

Weaknesses (CWE)

References

https://cert.pl/en/posts/2025/12/CVE-2025-65074

third-party-advisory

https://www.wavestore.com/products/video-management-software

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.