CVE-2025-11540 - Vulnerability Details - OpenCVE

Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://sharp-displays.jp.sharp/global/support/info/PJ-CVE-2025-11540.html

History

Mon, 22 Dec 2025 05:15:00 +0000

Type	Values Removed	Values Added
Description		Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector.
Weaknesses		CWE-22
References		https://sharp-displays.jp.sharp/global/support/info/PJ-CVE-2025-11540.html
Metrics		cvssV4_0 `{'score': 9.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: NEC

Published: 2025-12-22T05:07:30.369Z

Updated: 2025-12-22T05:07:30.369Z

Reserved: 2025-10-09T06:46:38.729Z

Link: CVE-2025-11540

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-22T05:16:06.807

Modified: 2025-12-22T05:16:06.807

Link: CVE-2025-11540

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11540", "assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "state": "PUBLISHED", "assignerShortName": "NEC", "dateReserved": "2025-10-09T06:46:38.729Z", "datePublished": "2025-12-22T05:07:30.369Z", "dateUpdated": "2025-12-22T05:07:30.369Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "NP-P502HL-2, NP-P502WL-2, NP-P502HLG-2, NP-P502WLG, NP-P502H, NP-P502W, NP-P452H, NP-P452W, NP-P502HG, NP-P502WG, NP-P452HG, NP-P452WG, NP-P502H+, NP-P502W+, NP-CR5450H, NP-CR5450W, NP-P502HL, NP-P502WL, NP-P502HLG, NP-P502WLG, NP-P502HL+, NP-P502WL+, NP-CR5450HL, NP-CR5450WL, NP-UM352W, NP-UM352WG, NP-UM352W+", "vendor": "Sharp Display Solutions, Ltd.", "versions": [{"status": "affected", "version": "All versions"}]}], "credits": [{"lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Sebastian Pahl of University Luxembourg"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector."}], "value": "Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector."}], "metrics": [{"cvssV4_0": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 9.1, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282", "shortName": "NEC", "dateUpdated": "2025-12-22T05:07:30.369Z"}, "references": [{"url": "https://sharp-displays.jp.sharp/global/support/info/PJ-CVE-2025-11540.html"}], "source": {"discovery": "EXTERNAL"}, "tags": ["unsupported-when-assigned"], "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{"cveTags": [{"sourceIdentifier": "psirt-info@cyber.jp.nec.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Path Traversal vulnerability in Sharp Display Solutions projectors allows a attacker may access and read any files within the projector."}], "id": "CVE-2025-11540", "lastModified": "2025-12-22T05:16:06.807", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt-info@cyber.jp.nec.com", "type": "Secondary"}]}, "published": "2025-12-22T05:16:06.807", "references": [{"source": "psirt-info@cyber.jp.nec.com", "url": "https://sharp-displays.jp.sharp/global/support/info/PJ-CVE-2025-11540.html"}], "sourceIdentifier": "psirt-info@cyber.jp.nec.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "psirt-info@cyber.jp.nec.com", "type": "Secondary"}]}