{"id":"CVE-2025-63408","details":"Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request (SSRF), or execute OS commands.","modified":"2026-03-13T03:38:16.770099Z","published":"2025-11-18T16:15:45.323Z","references":[{"type":"WEB","url":"https://ispysoftware.github.io/Agent_API/"},{"type":"EVIDENCE","url":"https://www.ericholub.com/blog/agent-dvr-rce/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.6.7.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63408.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}