A high-severity vulnerability has been identified in Enterprise Cloud Database products developed by Ragic. This flaw, tracked as CVE-2025-15015, allows an unauthenticated attacker to remotely read any file on the affected server. Successful exploitation could lead to the theft of sensitive data, such as system credentials, configuration files, and proprietary information, posing a significant risk to data confidentiality and system integrity.

The vulnerability is a Relative Path Traversal (also known as Directory Traversal) within the Enterprise Cloud Database. A remote, unauthenticated attacker can exploit this flaw by sending a specially crafted request to the server that includes path traversal sequences (e.g., ../). The application fails to properly sanitize this input, allowing the attacker to navigate outside of the intended web root directory and access arbitrary files on the server's file system, leading to an Arbitrary File Read condition.

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation by an unauthenticated attacker could have severe business consequences, including the exposure of highly sensitive data like customer information, intellectual property, application source code, and credentials stored in configuration files. This data breach could lead to significant financial loss, regulatory fines for non-compliance with data protection standards (e.g., GDPR, CCPA), reputational damage, and could serve as a foothold for further attacks on the organization's network.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor immediately across all affected systems. After patching, organizations should proactively review web server and application access logs for any signs of exploitation attempts that may have occurred prior to the update.

Proactive Monitoring: Security teams should configure monitoring to detect potential exploitation attempts. This includes searching web server access logs for requests containing path traversal character sequences such as ../, ..%2f, %2e%2e/, and their variants. Monitor for unusual outbound network traffic from affected servers, which could indicate data exfiltration, and set up alerts for unexpected file access by the web server's user account.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block path traversal attacks. Additionally, enforce strict file system permissions (principle of least privilege) for the user account running the web application to limit its access to only essential files and directories, thereby reducing the impact of a potential breach.

Public Exploit Available: false

Given the high CVSS score of 7.5 and the ability for unauthenticated attackers to remotely access sensitive files, this vulnerability presents a significant risk and should be remediated with high priority. Organizations are strongly urged to apply the vendor-supplied security patches immediately to all affected products. Although not currently on the CISA KEV list, the simplicity of exploitation means that organizations should not delay action. If patching is delayed, the implementation of compensating controls such as a WAF is critical to mitigate immediate risk.