AI description
CVE-2025-27920 is a directory traversal vulnerability that affects Output Messenger version 2.0.62 and earlier. This vulnerability allows authenticated attackers to upload malicious files into the server's startup directory by using "../" sequences in parameters to access files outside the intended directory. Successful exploitation of this vulnerability could allow attackers to access sensitive files, potentially leading to configuration leakage or arbitrary file access. It was discovered that a threat actor named Marbled Dust exploited this vulnerability in a cyber espionage campaign, targeting the Kurdish military operating in Iraq. Output Messenger released version 2.0.63 in late December 2024 to address this vulnerability.
- Description: Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.
- Source: cve@mitre.org
- NVD status: Analyzed
CVSS 3.1
- Type: Secondary
- Base score: 7.2
- Impact score: 2.7
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
- Severity: HIGH
Data from CISA
- Vulnerability name: Srimax Output Messenger Directory Traversal Vulnerability
- Exploit added on: May 19, 2025
- Exploit action due: Jun 9, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-27920 #Srimax Output Messenger Directory Traversal Vulnerability https://t.co/bCzif0qlDJ
@ScyScan
22 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-27920
@transilienceai
21 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-27920
@transilienceai
21 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-27920
@transilienceai
20 May 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-27920
@transilienceai
14 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Turkish hackers use Output Messenger zero-day vulnerability for espionage in Iraq (CVE-2025-27920) https://t.co/8hTwtH9DCj #Security #セキュリティ #ニュース
@SecureShield_
14 May 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Turkey Hackers Target Indian Business! APT group Marbled Dust exploited a zero-day in Output Messenger (CVE-2025-27920) to deploy Golang backdoors. 🎯 Supply chain attack 💻 Indian-made software compromised 📍 Targets: Kurdish-linked entities 📢 Patch now or risk ex
@cybrhoodsentinl
13 May 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 The hacker group (Marbled Dust), linked to Turkey 🇹🇷, is exploiting a zero-day vulnerability in the messaging application Output Messenger, which is widely used in the Kurdistan Region, to target military entities
@abdul__alamri
13 May 2025
2451 Impressions
1 Retweet
22 Likes
8 Bookmarks
1 Reply
0 Quotes
Turkish hackers linked to Marbled Dust, Sea Turtle, and UNC1326 exploited CVE-2025-27920 in Output Messenger even after patch release, targeting Kurdish military in Iraq for espionage via credential theft & backdoors. 🚨 #Iraq #Espionage #Security https://t.co/ygzvp6cBcd
@TweetThreatNews
13 May 2025
49 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📡 Since April 2024, a threat actor tracked by Microsoft Threat Intelligence as “Marbled Dust” and assessed to be linked to Türkiye, in the multi-platform chat software Output Messenger, a zero-day security
@tweetozof
13 May 2025
90 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: Marbled Dust leverages zero-day in Output Messenger for regional espionage CVE-2025-27920 CVE-2025-27921 Severity: 🔴 High Maturity: 💢 Emerging Learn more: https://t.co/DqPKR2XCkK #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
13 May 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Turkish-linked hackers exploited zero-day CVE-2025-27920 in Output Messenger to target Iraqi Kurdish military personnel since April 2024, deploying Golang backdoors & exfiltrating sensitive data. 🇹🇷 #CyberEspionage #MiddleEast #Kurdish https://t.co/m1deWBfnNh
@TweetThreatNews
13 May 2025
46 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft researchers look into a recent campaign of a Türkiye-affiliated espionage threat actor. Marbled Dust has been seen exploiting user accounts that have not applied fixes to zero-day vulnerability CVE-2025-27920 in the messaging app Output Messenger https://t.co/Nqp8DTrzY
@virusbtn
13 May 2025
1906 Impressions
8 Retweets
30 Likes
8 Bookmarks
1 Reply
1 Quote
In attacks reported by Microsoft Threat Intelligence, the cyber-espionage group "Marbled Dust", believed to be linked to Türkiye, by using the zero-day vulnerability (CVE-2025-27920) in the messaging application "Output Messenger", April 20
@_shadowintel_
13 May 2025
1617 Impressions
0 Retweets
17 Likes
9 Bookmarks
1 Reply
0 Quotes
"🚨Marbled Dust, a Türkiye-linked group, exploits Output Messenger zero-day (CVE-2025-27920) since Apr '24, targeting Kurdish military entities in Iraq. They deliver malware & exfiltrate data via GoLang backdoors. Learn more: https://t.co/Izavp7xA6h"
@Tudorel92659164
13 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Marbled Dust exploits zero-day (CVE-2025-27920) in Output Messenger to deliver payloads and exfiltrate data from targets in Iraq, mainly Kurdish military. Microsoft urges updates and mitigation. 🚨 #Espionage #Iraq #Cyberattack https://t.co/1JSdd89Llh
@TweetThreatNews
13 May 2025
121 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 A zero-day exploit, a chat app, and a silent cyberwar. A Türkiye-linked hacker group Marbled Dust exploited CVE-2025-27920 in India's Output Messenger—targeting Kurdish military users in Iraq via a stealthy backdoor. Read details ➡️ https://t.co/Y4CyNjYbVs https://t
@StringsVsAtoms
13 May 2025
87 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 A zero-day exploit, a chat app, and a silent cyberwar. A Türkiye-linked hacker group Marbled Dust exploited CVE-2025-27920 in India's Output Messenger—targeting Kurdish military users in Iraq via a stealthy backdoor. Read details ➡️ https://t.co/FT7d0khICv
@TheHackersNews
13 May 2025
13561 Impressions
48 Retweets
106 Likes
30 Bookmarks
3 Replies
3 Quotes
Output Messenger flaw exploited as a zero-day in espionage attacks (CVE-2025-27920) https://t.co/CBbxSItb7p #Security #セキュリティ #ニュース
@SecureShield_
13 May 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
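Microsoft Threat Intelligence confirmed an espionage campaign in which the Turkish-linked APT "Marbled Dust" exploited a zero-day in Output Messenger (CVE-2025-27920) and has targeted Kurdish military personnel in Iraq since April 2024.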
@yousukezan
12 May 2025
1576 Impressions
1 Retweet
10 Likes
2 Bookmarks
0 Replies
0 Quotes
Turkish-linked hackers from Marbled Dust exploited a zero-day in Output Messenger (CVE-2025-27920), targeting Kurdish military users in Iraq since April 2024. Obscure enterprise tools pose serious risks. ⚠️ #CyberThreat #MiddleEast #Turkey https://t.co/sNi7g77GO8
@TweetThreatNews
12 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A Türkiye-backed group, Marbled Dust, exploited CVE-2025-27920 in Output Messenger via a directory traversal flaw to access sensitive data, deploy malware, & impersonate users, threatening Kurdish military-linked systems. 🚨 #CyberAttack #Turkey https://t.co/4eQ5hAkL3j
@TweetThreatNews
12 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Marbled Dust, a Türkiye-affiliated espionage group, has exploited a zero-day vulnerability (CVE-2025-27920) in Output Messenger since April 2024, targeting Kurdish military entities in Iraq. https://t.co/Nd8V3H8EEN
@securityRSS
12 May 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Türkiye-linked hackers exploited a zero-day in Output Messenger (CVE-2025-27920) in a campaign targeting Iraqi entities & Kurdish military, deploying malware for espionage. ⚠️ #CyberThreat #Iraq #MarbledDust https://t.co/OkXkW3YTGX
@TweetThreatNews
12 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27920 (CVSS:9.8, CRITICAL) is Awaiting Analysis. Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By us..https://t.co/DVWlqdibEj #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
10 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-27920 ⚠️🔴 CRITICAL (9.8) 🏢 Unknown Vendor - Unknown Product 🏗️ Unknown Version 🔗 https://t.co/ZAWymbYaN5 🔗 https://t.co/MT5ZAggVid #CyberCron #VulnAlert #InfoSec https://t.co/DOBVlicmRo
@cybercronai
7 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27920 Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers cou… https://t.co/l3ayI35Fz3
@CVEnew
5 May 2025
263 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:srimax:output_messenger:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3F0B13C-91AE-4C97-A674-451972BF2C4D",
            "versionEndExcluding": "2.0.63"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]