CVE-2025-10461 Docker — Exploit & Vulnerability Details MEDIUM

CVE-2025-10461

MEDIUM CVSS 4.0: 5.3 EPSS 0.04%

Parameter	Value
CVSS	5.3 (MEDIUM)
Type	CWE-20 (Improper Input Validation)
Vendor	Docker
Public PoC	No

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker (filesystem modules) allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

Low

Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-20 Improper Input Validation

References 2

https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-…

10de8ef9-5c89-4b17-8228-e97b74acf4bd

https://https://industrial.softing.com/fileadmin/psirt/downloads/2025/CVE-2025-…

10de8ef9-5c89-4b17-8228-e97b74acf4bd

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-40242

Docker

7.2

CVE-2026-39848

Docker

6.5

CVE-2026-40089

Docker

9.9

CVE-2026-35036

Docker

7.5

CVE-2026-33990

Docker

6.8

Menu

CVE-2025-10461

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-40242

CVE-2026-39848

CVE-2026-40089

CVE-2026-35036

CVE-2026-33990

CVE Details

Editor's Choice

Menu

CVE-2025-10461

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-40242

CVE-2026-39848

CVE-2026-40089

CVE-2026-35036

CVE-2026-33990

CVE Details

Editor's Choice

Stay informed on cybersecurity