Valmet DNA Engineering Web Tools
Summary
A vulnerability exists in Valmet DNA Engineering Web Tools that could allow an unauthenticated attacker to manipulate the web maintenance services URL to achieve arbitrary file read access. The affected versions are Valmet DNA Engineering Web Tools <= C2022 (CVE-2025-15577). Valmet has released a fix and recommends users contact their customer service for assistance.
IFF Assessment
A path traversal vulnerability in critical infrastructure software allows for arbitrary file read access.
Severity
Defender Context
This path traversal vulnerability in Valmet DNA Engineering Web Tools could allow attackers to read sensitive files on affected systems. Defenders should apply the vendor-provided patch and monitor systems for unusual file access attempts. Path traversal vulnerabilities are common and often exploited, particularly in web-based applications.
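One way to do the monitoring described above, as an added example that is not from Valmet or the original advisory: a Python check that scans web access logs for requests whose target contains a `..` segment, after undoing repeated percent-encoding. The log format (common log format), the `/example-service/` paths and the sample lines are constructed placeholders; the advisory does not give the affected URL.

```python
import re
from urllib.parse import unquote

# Request field of a common/combined-format access log: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+"')

def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def has_traversal(target):
    """True if any path or query segment of the decoded target is exactly '..'."""
    decoded = fully_decode(target).replace("\\", "/")  # treat backslash as a separator
    segments = re.split(r"[/?&=;]", decoded)
    return ".." in segments

def flag_requests(log_lines):
    """Return (client_ip, raw_target) for each line whose target contains traversal."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and has_traversal(m.group(1)):
            hits.append((line.split(" ", 1)[0], m.group(1)))
    return hits

# Constructed sample lines; hosts and paths are placeholders, not the product's URLs.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /example-service/status HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2025:10:00:05 +0000] "GET /example-service/../../config.ini HTTP/1.1" 200 1893',
    '192.0.2.44 - - [01/Jan/2025:10:00:09 +0000] "GET /example-service/%2e%2e%2f%2e%2e%2fconfig.ini HTTP/1.1" 200 1893',
    '192.0.2.44 - - [01/Jan/2025:10:00:12 +0000] "GET /example-service/get?file=%252e%252e%255cconfig.ini HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2025:10:00:20 +0000] "GET /example-service/docs/v1..2/notes.txt HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for ip, target in flag_requests(SAMPLE_LOG):
        print(ip, target)
```

A flagged request that returned status 200 deserves review first, since it suggests the server returned content for the traversed path.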