What is CVE-2025-48496?

CVE-2025-48496 is a medium-severity vulnerability in Emerson Valvelink Dtm, classified under Uncontrolled Search Path Element. CVSS score: 5.1/10. Published 2025-07-10.

How severe is CVE-2025-48496?

Medium severity. CVSS v3 base score is 5.1 out of 10.

Vulnerability in Emerson Valvelink Dtm

CVE-2025-48496

Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

EPSS: 0.001 (19.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.1 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Emerson Valvelink Dtm — versions 0
Emerson Valvelink Prm — versions 0
Emerson Valvelink Snap-on — versions 0
Emerson Valvelink Solo — versions 0

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

References

www.cisa.gov/news-events/ics-advisories/icsa-25-189-01
www.emerson.com/en-us/support/security-notifications
www.emerson.com/en-us/support/software-downloads-drivers

Frequently asked questions

What is CVE-2025-48496?: CVE-2025-48496 is a medium-severity vulnerability in Emerson Valvelink Dtm, classified under Uncontrolled Search Path Element. CVSS score: 5.1/10. Published 2025-07-10.
How severe is CVE-2025-48496?: Medium severity. CVSS v3 base score is 5.1 out of 10.