CVE-2025-27920 — Srimax Output Messenger Directory Traversal Vulnerability

[event] Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.

> AFFECTED SOFTWARE

> MITIGATION

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due Date: 2025-06-09

> REFERENCES

• [1] https://www.outputmessenger.com/cve-2025-27920/
• [2] https://nvd.nist.gov/vuln/detail/CVE-2025-27920