CWE-23
Relative Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
CVE-2025-62498 (GCVE-0-2025-62498)
Vulnerability from cvelistv5 – Published: 2025-10-23 21:46 – Updated: 2025-10-24 14:34
VLAI
Title
AutomationDirect Productivity Suite Relative Path Traversal
Summary
A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version
4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.
Severity
CWE
Assigner
References
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| AutomationDirect | Productivity Suite |
Affected:
0 , ≤ SW V4.2.1.9
(custom)
|
|
| AutomationDirect | Productivity 3000 P3-622 CPU |
Affected:
0 , ≤ SW V4.2.1.9
(custom)
|
|
| AutomationDirect | Productivity 3000 P3-550E CPU |
Affected:
0 , ≤ SW V4.2.1.9
(custom)
|
|
| AutomationDirect | Productivity 3000 P3-530 CPU |
Affected:
0 , ≤ SW v4.4.1.19
(custom)
|
|
| AutomationDirect | Productivity 2000 P2-622 CPU |
Affected:
0 , ≤ SW v4.4.1.19
(custom)
|
|
| AutomationDirect | Productivity 2000 P2-550 CPU |
Affected:
0 , ≤ SW v4.4.1.19
(custom)
|
|
| AutomationDirect | Productivity 1000 P1-550 CPU |
Affected:
0 , ≤ SW v4.4.1.19
(custom)
|
|
| AutomationDirect | Productivity 1000 P1-540 CPU |
Affected:
0 , < SW v4.4.1.19
(custom)
|
Date Public
2025-10-23 16:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62498",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-24T14:34:28.270545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T14:34:34.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Productivity Suite",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "SW V4.2.1.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Productivity 3000 P3-622 CPU",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "SW V4.2.1.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Productivity 3000 P3-550E CPU",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "SW V4.2.1.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Productivity 3000 P3-530 CPU",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "SW v4.4.1.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Productivity 2000 P2-622 CPU",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "SW v4.4.1.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Productivity 2000 P2-550 CPU",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "SW v4.4.1.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Productivity 1000 P1-550 CPU",
"vendor": "AutomationDirect",
"versions": [
{
"lessThanOrEqual": "SW v4.4.1.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Productivity 1000 P1-540 CPU",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "SW v4.4.1.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:automationdirect:productivity_suite:*:*:*:*:*:*:*:*",
"versionEndIncluding": "sw_v4.2.1.9",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:automationdirect:productivity_3000_p3-622_cpu:*:*:*:*:*:*:*:*",
"versionEndIncluding": "sw_v4.2.1.9",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:automationdirect:productivity_3000_p3-550e_cpu:*:*:*:*:*:*:*:*",
"versionEndIncluding": "sw_v4.2.1.9",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:automationdirect:productivity_3000_p3-530_cpu:*:*:*:*:*:*:*:*",
"versionEndIncluding": "sw_v4.4.1.19",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:automationdirect:productivity_2000_p2-622_cpu:*:*:*:*:*:*:*:*",
"versionEndIncluding": "sw_v4.4.1.19",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:automationdirect:productivity_2000_p2-550_cpu:*:*:*:*:*:*:*:*",
"versionEndIncluding": "sw_v4.4.1.19",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:automationdirect:productivity_1000_p1-550_cpu:*:*:*:*:*:*:*:*",
"versionEndIncluding": "sw_v4.4.1.19",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:automationdirect:productivity_1000_p1-540_cpu:*:*:*:*:*:*:*:*",
"versionEndExcluding": "sw_v4.4.1.19",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello of Nozomi Networks reported these vulnerabilities to AutomationDirect."
}
],
"datePublic": "2025-10-23T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e \n\n\u003cspan style=\"background-color: rgb(252, 240, 192);\"\u003e4.4.1.19\u003c/span\u003e. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened."
}
],
"value": "A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version \n\n4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T21:46:45.360Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01"
},
{
"url": "https://www.automationdirect.com/support/software-downloads"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAutomationDirect recommends that users do the following:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpdate the Productivity Suite programming software to version 4.5.0.x or higher.\u003c/li\u003e\u003cli\u003eUpdate the firmware of Productivity PLCs to the latest version. \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.automationdirect.com/support/software-downloads\"\u003ehttps://www.automationdirect.com/support/software-downloads\u003c/a\u003e\u003c/li\u003e\u003cli\u003eAlthough automation networks and systems come equipped with built-in password protection mechanisms, this represents a fraction of the security measures needed to safeguard these systems.\u003c/li\u003e\u003cli\u003eIt is imperative that automation control system networks integrate data protection and security measures that match, if not exceed, the robustness of conventional business computer systems.\u003c/li\u003e\u003cli\u003eAutomationDirect advises users of PLCs, HMI products, and SCADA systems to conduct a thorough network security analysis to ascertain the appropriate level of security necessary for their specific application.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AutomationDirect recommends that users do the following:\n\n * Update the Productivity Suite programming software to version 4.5.0.x or higher.\n * Update the firmware of Productivity PLCs to the latest version. https://www.automationdirect.com/support/software-downloads \n * Although automation networks and systems come equipped with built-in password protection mechanisms, this represents a fraction of the security measures needed to safeguard these systems.\n * It is imperative that automation control system networks integrate data protection and security measures that match, if not exceed, the robustness of conventional business computer systems.\n * AutomationDirect advises users of PLCs, HMI products, and SCADA systems to conduct a thorough network security analysis to ascertain the appropriate level of security necessary for their specific application."
}
],
"source": {
"advisory": "ICSA-25-296-01",
"discovery": "EXTERNAL"
},
"title": "AutomationDirect Productivity Suite Relative Path Traversal",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAutomationDirect has identified the following mitigations for instances where systems cannot be upgraded to the latest version:\u003c/p\u003e\u003cul\u003e\u003cli\u003ePhysically disconnect the PLC from any external networks, including the internet, local area networks (LANs), and other interconnected systems.\u003c/li\u003e\u003cli\u003eConfigure network segmentation to isolate the PLC from other devices and systems within the organization.\u003c/li\u003e\u003cli\u003eImplement firewall rules or network access control (NAC) policies to block incoming and outgoing traffic to the PLC.\u003c/li\u003e\u003cli\u003ePlease refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.automationdirect.com/docs/securityconsiderations.pdf\"\u003eAutomationDirect\u0027s security considerations\u003c/a\u003e\u0026nbsp;for additional information.\u003c/li\u003e\u003cli\u003eIf you have any questions regarding this issue, please contact AutomationDirect Technical Support at 770-844-4200 or 800-633-0405 for further assistance.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AutomationDirect has identified the following mitigations for instances where systems cannot be upgraded to the latest version:\n\n * Physically disconnect the PLC from any external networks, including the internet, local area networks (LANs), and other interconnected systems.\n * Configure network segmentation to isolate the PLC from other devices and systems within the organization.\n * Implement firewall rules or network access control (NAC) policies to block incoming and outgoing traffic to the PLC.\n * Please refer to AutomationDirect\u0027s security considerations https://support.automationdirect.com/docs/securityconsiderations.pdf \u00a0for additional information.\n * If you have any questions regarding this issue, please contact AutomationDirect Technical Support at 770-844-4200 or 800-633-0405 for further assistance."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-62498",
"datePublished": "2025-10-23T21:46:45.360Z",
"dateReserved": "2025-10-21T21:55:11.793Z",
"dateUpdated": "2025-10-24T14:34:34.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62552 (GCVE-0-2025-62552)
Vulnerability from cvelistv5 – Published: 2025-12-09 17:55 – Updated: 2026-04-16 14:18
VLAI
Title
Microsoft Access Remote Code Execution Vulnerability
Summary
Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.
Severity
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft 365 Apps for Enterprise |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Access 2016 |
Affected:
16.0.0 , < 16.0.5530.1000
(custom)
|
|
| Microsoft | Microsoft Access 2016 (32-bit edition) |
Affected:
16.0.0 , < 16.0.5530.1000
(custom)
|
|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2021 |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
|
| Microsoft | Microsoft Office LTSC 2024 |
Affected:
16.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
|
Date Public
2025-12-09 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-10T04:56:47.096175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:21:12.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Access 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5530.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Access 2016 (32-bit edition)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5530.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2021",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office LTSC 2024",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:office_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_apps:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2021:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:office_2024:*:*:*:*:long_term_servicing_channel:*:*:*",
"versionEndExcluding": "https://aka.ms/OfficeSecurityReleases",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.5530.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:access_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.5530.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-12-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T14:18:50.282Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Access Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62552"
}
],
"title": "Microsoft Access Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-62552",
"datePublished": "2025-12-09T17:55:55.308Z",
"dateReserved": "2025-10-15T17:11:21.219Z",
"dateUpdated": "2026-04-16T14:18:50.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62878 (GCVE-0-2025-62878)
Vulnerability from cvelistv5 – Published: 2026-02-25 10:49 – Updated: 2026-02-26 14:44
VLAI
Title
Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern
Summary
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.
Severity
9.9 (Critical)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
Date Public
2026-02-04 19:17
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T04:55:51.167071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:06.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "github.com/rancher/local-path-provisioner",
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "0.0.34",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-02-04T19:17:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious user can manipulate the parameters.pathPattern\u0026nbsp;to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories."
}
],
"value": "A malicious user can manipulate the parameters.pathPattern\u00a0to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T10:50:22.691Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62878"
},
{
"url": "https://github.com/advisories/GHSA-jr3w-9vfr-c746"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2025-62878",
"datePublished": "2026-02-25T10:49:29.596Z",
"dateReserved": "2025-10-24T10:34:22.765Z",
"dateUpdated": "2026-02-26T14:44:06.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64446 (GCVE-0-2025-64446)
Vulnerability from cvelistv5 – Published: 2025-11-14 15:50 – Updated: 2026-02-26 16:56
VLAI
Summary
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Severity
9.4 (Critical)
CWE
- CWE-23 - Escalation of privilege
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiWeb |
Affected:
8.0.0 , ≤ 8.0.1
(semver)
Affected: 7.6.0 , ≤ 7.6.4 (semver) Affected: 7.4.0 , ≤ 7.4.9 (semver) Affected: 7.2.0 , ≤ 7.2.11 (semver) Affected: 7.0.0 , ≤ 7.0.11 (semver) cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64446",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-15T04:56:17.687579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-11-14",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-64446"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:56:56.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-64446"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-20T21:16:49.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"timeline": [
{
"lang": "en",
"time": "2025-11-20T21:16:49.289Z",
"value": "Previously entered references were removed because they are not applicable to this CVE Record."
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortiweb:8.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:8.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiweb:7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "8.0.1",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.6.4",
"status": "affected",
"version": "7.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.9",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.11",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Escalation of privilege",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:16:10.074Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-910",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-910"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiWeb version 8.0.2 or above\nUpgrade to FortiWeb version 7.6.5 or above\nUpgrade to FortiWeb version 7.4.10 or above\nUpgrade to FortiWeb version 7.2.12 or above\nUpgrade to FortiWeb version 7.0.12 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-64446",
"datePublished": "2025-11-14T15:50:52.778Z",
"dateReserved": "2025-11-04T14:26:34.042Z",
"dateUpdated": "2026-02-26T16:56:56.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64714 (GCVE-0-2025-64714)
Vulnerability from cvelistv5 – Published: 2025-11-13 15:16 – Updated: 2025-11-13 15:34
VLAI
Title
PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal
Summary
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If `templateselection` is enabled in the configuration, the server trusts the `template` cookie and includes the referenced PHP file. An attacker can read sensitive data or, if they manage to drop a PHP file elsewhere, gain remote code execution. The constructed path of the template file is checked for existence, then included. For PrivateBin project files this does not leak any secrets due to data files being created with PHP code that prevents execution, but if a configuration file without that line got created or the visitor figures out the relative path to a PHP script that directly performs an action without appropriate privilege checking, those might execute or leak information. The issue has been patched in version 2.0.3. As a workaround, set `templateselection = false` (which is the default) in `cfg/conf.php` or remove it entirely
Severity
5.8 (Medium)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/PrivateBin/PrivateBin/security… | x_refsource_CONFIRM |
| https://github.com/PrivateBin/PrivateBin/commit/4… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PrivateBin | PrivateBin |
Affected:
>= 1.7.7, < 2.0.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:33:16.903299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T15:34:19.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PrivateBin",
"vendor": "PrivateBin",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.7.7, \u003c 2.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion exists in the template-switching feature. If `templateselection` is enabled in the configuration, the server trusts the `template` cookie and includes the referenced PHP file. An attacker can read sensitive data or, if they manage to drop a PHP file elsewhere, gain remote code execution. The constructed path of the template file is checked for existence, then included. For PrivateBin project files this does not leak any secrets due to data files being created with PHP code that prevents execution, but if a configuration file without that line got created or the visitor figures out the relative path to a PHP script that directly performs an action without appropriate privilege checking, those might execute or leak information. The issue has been patched in version 2.0.3. As a workaround, set `templateselection = false` (which is the default) in `cfg/conf.php` or remove it entirely"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-98",
"description": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T15:16:55.347Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-g2j9-g8r5-rg82",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-g2j9-g8r5-rg82"
},
{
"name": "https://github.com/PrivateBin/PrivateBin/commit/4434dbf73ac53217fda0f90d8cf9b6110f8acc4f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PrivateBin/PrivateBin/commit/4434dbf73ac53217fda0f90d8cf9b6110f8acc4f"
}
],
"source": {
"advisory": "GHSA-g2j9-g8r5-rg82",
"discovery": "UNKNOWN"
},
"title": "PrivateBin\u0027s template-switching feature allows arbitrary local file inclusion through path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64714",
"datePublished": "2025-11-13T15:16:55.347Z",
"dateReserved": "2025-11-10T14:07:42.922Z",
"dateUpdated": "2025-11-13T15:34:19.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-64757 (GCVE-0-2025-64757)
Vulnerability from cvelistv5 – Published: 2025-11-19 16:40 – Updated: 2025-11-19 21:04
VLAI
Title
Astro Development Server is Vulnerable to Arbitrary Local File Read
Summary
Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to the Node.js process on the host system. This issue has been patched in version 5.14.3.
Severity
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/withastro/astro/security/advis… | x_refsource_CONFIRM |
| https://github.com/withastro/astro/commit/b8ca69b… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-64757",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T21:04:14.914682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T21:04:23.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "astro",
"vendor": "withastro",
"versions": [
{
"status": "affected",
"version": "\u003c 5.14.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework\u0027s development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to the Node.js process on the host system. This issue has been patched in version 5.14.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T16:40:36.031Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/withastro/astro/security/advisories/GHSA-x3h8-62x9-952g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/withastro/astro/security/advisories/GHSA-x3h8-62x9-952g"
},
{
"name": "https://github.com/withastro/astro/commit/b8ca69b97149becefaf89bf21853de9c905cdbb7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/withastro/astro/commit/b8ca69b97149becefaf89bf21853de9c905cdbb7"
}
],
"source": {
"advisory": "GHSA-x3h8-62x9-952g",
"discovery": "UNKNOWN"
},
"title": "Astro Development Server is Vulnerable to Arbitrary Local File Read"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-64757",
"datePublished": "2025-11-19T16:40:36.031Z",
"dateReserved": "2025-11-10T22:29:34.875Z",
"dateUpdated": "2025-11-19T21:04:23.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66386 (GCVE-0-2025-66386)
Vulnerability from cvelistv5 – Published: 2025-11-28 00:00 – Updated: 2025-11-28 15:17
VLAI
Summary
app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin.
Severity
4.1 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-28T15:16:57.258479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T15:17:40.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MISP",
"vendor": "MISP",
"versions": [
{
"lessThan": "2.5.27",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T06:56:34.804Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/MISP/MISP/commit/7f4a0386d38672eddc139f5735d71c3b749623ce"
},
{
"url": "https://github.com/MISP/MISP/compare/v2.5.26...v2.5.27"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66386",
"datePublished": "2025-11-28T00:00:00.000Z",
"dateReserved": "2025-11-28T00:00:00.000Z",
"dateUpdated": "2025-11-28T15:17:40.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66626 (GCVE-0-2025-66626)
Vulnerability from cvelistv5 – Published: 2025-12-09 20:19 – Updated: 2025-12-12 20:36
VLAI
Title
argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links
Summary
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link's target and the subsequent check are flawed. An attacker can overwrite the file /var/run/argo/argoexec with a script of their choice, which would be executed at the pod's start. The patch deployed against CVE-2025-62156 is ineffective against malicious archives containing symbolic links. This issue is fixed in versions 3.6.14 and 3.7.5.
Severity
8.1 (High)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/argoproj/argo-workflows/securi… | x_refsource_CONFIRM |
| https://github.com/argoproj/argo-workflows/commit… | x_refsource_MISC |
| https://github.com/advisories/GHSA-p84v-gxvw-73pf | x_refsource_MISC |
| https://github.com/argoproj/argo-workflows/blob/5… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| argoproj | argo-workflows |
Affected:
github.com/argoproj/argo-workflows/v3 >= 3.7.0, < 3.7.5
Affected: github.com/argoproj/argo-workflows/v3 < 3.6.14 Affected: github.com/argoproj/argo-workflows <= 2.5.3-rc4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66626",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T20:36:33.809579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T20:36:40.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/advisories/GHSA-p84v-gxvw-73pf"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xrqc-7xgx-c9vh"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "argo-workflows",
"vendor": "argoproj",
"versions": [
{
"status": "affected",
"version": "github.com/argoproj/argo-workflows/v3 \u003e= 3.7.0, \u003c 3.7.5"
},
{
"status": "affected",
"version": "github.com/argoproj/argo-workflows/v3 \u003c 3.6.14"
},
{
"status": "affected",
"version": "github.com/argoproj/argo-workflows \u003c= 2.5.3-rc4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Versions 3.6.13 and below and versions 3.7.0 through 3.7.4, contain unsafe untar code that handles symbolic links in archives. Concretely, the computation of a link\u0027s target and the subsequent check are flawed. An attacker can overwrite the file /var/run/argo/argoexec with a script of their choice, which would be executed at the pod\u0027s start. The patch deployed against CVE-2025-62156 is ineffective against malicious archives containing symbolic links. This issue is fixed in versions 3.6.14 and 3.7.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T20:19:14.680Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xrqc-7xgx-c9vh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-xrqc-7xgx-c9vh"
},
{
"name": "https://github.com/argoproj/argo-workflows/commit/6b92af23f35aed4d4de8b04adcaf19d68f006de1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/argoproj/argo-workflows/commit/6b92af23f35aed4d4de8b04adcaf19d68f006de1"
},
{
"name": "https://github.com/advisories/GHSA-p84v-gxvw-73pf",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/advisories/GHSA-p84v-gxvw-73pf"
},
{
"name": "https://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/argoproj/argo-workflows/blob/5291e0b01f94ba864f96f795bb500f2cfc5ad799/workflow/executor/executor.go#L1034-L1037"
}
],
"source": {
"advisory": "GHSA-xrqc-7xgx-c9vh",
"discovery": "UNKNOWN"
},
"title": "argoproj/argo-workflows is vulnerable to RCE via ZipSlip and symbolic links"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66626",
"datePublished": "2025-12-09T20:19:14.680Z",
"dateReserved": "2025-12-05T15:18:02.789Z",
"dateUpdated": "2025-12-12T20:36:40.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68472 (GCVE-0-2025-68472)
Vulnerability from cvelistv5 – Published: 2026-01-12 16:53 – Updated: 2026-02-20 16:17
VLAI
Title
MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
Summary
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not "url". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.
Severity
8.1 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/mindsdb/mindsdb/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68472",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T18:36:34.460933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T18:36:45.793Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-02-20T16:17:22.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "mindsdb",
"vendor": "mindsdb",
"versions": [
{
"status": "affected",
"version": "\u003c 25.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB\u2019s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not \"url\". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36: Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:09:01.293Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7"
}
],
"source": {
"advisory": "GHSA-qqhf-pm3j-96g7",
"discovery": "UNKNOWN"
},
"title": "MindsDB has improper sanitation of filepath that leads to information disclosure and DOS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68472",
"datePublished": "2026-01-12T16:53:47.748Z",
"dateReserved": "2025-12-18T13:52:15.491Z",
"dateUpdated": "2026-02-20T16:17:22.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7146 (GCVE-0-2025-7146)
Vulnerability from cvelistv5 – Published: 2025-07-08 01:19 – Updated: 2025-07-08 14:05
VLAI
Title
Jhenggao iPublish System - Arbitrary File Reading through Path Traversal
Summary
The iPublish System developed by Jhenggao has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to read arbitrary system file.
Severity
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-10233-45fc8-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-10234-38665-2.html | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jhenggao | iPublish System |
Affected:
0
|
Date Public
2025-07-08 01:16
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T14:04:48.515912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T14:05:31.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iPublish System",
"vendor": "Jhenggao",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2025-07-08T01:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The iPublish System developed by Jhenggao has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to read arbitrary system file."
}
],
"value": "The iPublish System developed by Jhenggao has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to read arbitrary system file."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T01:19:16.521Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-10233-45fc8-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-10234-38665-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For school running the system on-premises, please contact the vendor to confirm the update status, or consider disabling external access and limiting use to within the campus only.\u003cbr\u003e"
}
],
"value": "For school running the system on-premises, please contact the vendor to confirm the update status, or consider disabling external access and limiting use to within the campus only."
}
],
"source": {
"advisory": "TVN-202507002",
"discovery": "EXTERNAL"
},
"title": "Jhenggao iPublish System - Arbitrary File Reading through Path Traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2025-7146",
"datePublished": "2025-07-08T01:19:16.521Z",
"dateReserved": "2025-07-07T03:50:37.980Z",
"dateUpdated": "2025-07-08T14:05:31.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-5.1
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation ID: MIT-20.1
Phase: Implementation
Strategy: Input Validation
Description:
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
- Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links (CWE-23, CWE-59). This includes:
- realpath() in C
- getCanonicalPath() in Java
- GetFullPath() in ASP.NET
- realpath() or abs_path() in Perl
- realpath() in PHP
Mitigation ID: MIT-29
Phase: Operation
Strategy: Firewall
Description:
- Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-139: Relative Path Traversal
An attacker exploits a weakness in input validation on the target by supplying a specially constructed path utilizing dot and slash characters for the purpose of obtaining access to arbitrary files or resources. An attacker modifies a known path on the target in order to reach material that is not available through intended channels. These attacks normally involve adding additional path separators (/ or \) and/or dots (.), or encodings thereof, in various combinations in order to reach parent directories or entirely separate trees of the target's directory structure.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.