| Summary |
An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access. |
| Impact |
Attackers who can access web server could achieve arbitrary file read access. |
| Issue date |
February 11, 2026 |
| Affects |
Valmet DNA Engineering Web Tools C2022 and older. |
| CVE Name |
https://nvd.nist.gov/vuln/detail/CVE-2025-15577 |
| CVS Details |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P/S:N/AU:Y/V:D/RE:M/U:Green |
| CVSS Score |
8.7 |
| Solution |
The solution is available from Valmet Automation Customer Service. |
| Mitigations |
A properly configured firewall helps to prevent unauthorized access from untrusted networks to the system. |
| Acknowledgements |
- |
