CWE-35

Path Traversal: '.../...//'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

CVE-2024-12087 (GCVE-0-2024-12087)
Vulnerability from cvelistv5
Published
2025-01-14 17:57
Modified
2025-08-12 20:37
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
References
https://access.redhat.com/errata/RHSA-2025:2600vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:7050vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:8385vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-12087vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2330672issue-tracking, x_refsource_REDHAT
https://kb.cert.org/vuls/id/952657
Impacted products
Vendor Product Version
Version: 0    3.3.0
Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.1.3-21.el8_10   < *
    cpe:/o:redhat:enterprise_linux:8::baseos
Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.2.5-3.el9   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.2.5-3.el9   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Create a notification for this product.
   Red Hat Red Hat Discovery 1.14 Unaffected: sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e   < *
    cpe:/a:redhat:discovery:1.14::el9
Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
   Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12087",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T14:12:12.897301Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T14:12:41.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/RsyncProject/rsync",
          "defaultStatus": "unaffected",
          "packageName": "rsync",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.3-21.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.5-3.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.5-3.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:1.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "registry.redhat.io/discovery/discovery-ui-rhel9",
          "product": "Red Hat Discovery 1.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
        }
      ],
      "datePublic": "2025-01-14T15:06:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client\u0027s intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T20:37:25.409Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:2600",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2600"
        },
        {
          "name": "RHSA-2025:7050",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7050"
        },
        {
          "name": "RHSA-2025:8385",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8385"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-12087"
        },
        {
          "name": "RHBZ#2330672",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330672"
        },
        {
          "url": "https://kb.cert.org/vuls/id/952657"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-05T21:23:24.139000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-01-14T15:06:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Rsync: path traversal vulnerability in rsync",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-12087",
    "datePublished": "2025-01-14T17:57:33.927Z",
    "dateReserved": "2024-12-03T08:58:04.170Z",
    "dateUpdated": "2025-08-12T20:37:25.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12088 (GCVE-0-2024-12088)
Vulnerability from cvelistv5
Published
2025-01-14 17:38
Modified
2025-08-12 20:37
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
References
https://access.redhat.com/errata/RHSA-2025:2600vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:7050vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2025:8385vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-12088vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2330676issue-tracking, x_refsource_REDHAT
https://kb.cert.org/vuls/id/952657
Impacted products
Vendor Product Version
Version: 0    3.3.0
Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:3.1.3-21.el8_10   < *
    cpe:/o:redhat:enterprise_linux:8::baseos
Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.2.5-3.el9   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.2.5-3.el9   < *
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Create a notification for this product.
   Red Hat Red Hat Discovery 1.14 Unaffected: sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e   < *
    cpe:/a:redhat:discovery:1.14::el9
Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
   Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12088",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T14:13:08.347346Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T14:13:22.355Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/RsyncProject/rsync",
          "defaultStatus": "unaffected",
          "packageName": "rsync",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.3-21.el8_10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.5-3.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.5-3.el9",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:1.14::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "registry.redhat.io/discovery/discovery-ui-rhel9",
          "product": "Red Hat Discovery 1.14",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
        }
      ],
      "datePublic": "2025-01-14T15:06:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-12T20:37:26.103Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:2600",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2600"
        },
        {
          "name": "RHSA-2025:7050",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:7050"
        },
        {
          "name": "RHSA-2025:8385",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:8385"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-12088"
        },
        {
          "name": "RHBZ#2330676",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330676"
        },
        {
          "url": "https://kb.cert.org/vuls/id/952657"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-05T21:55:22.700000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-01-14T15:06:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Rsync: --safe-links option bypass leads to path traversal",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-12088",
    "datePublished": "2025-01-14T17:38:34.890Z",
    "dateReserved": "2024-12-03T08:58:08.307Z",
    "dateUpdated": "2025-08-12T20:37:26.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41972 (GCVE-0-2024-41972)
Vulnerability from cvelistv5
Published
2024-11-18 09:04
Modified
2025-08-27 21:33
CWE
  • CWE-35 - Path Traversal: '.../...//'
Summary
A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-41972",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T14:53:48.536484Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T21:33:03.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751-9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G2 0750-811x-xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G2 750-821x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-420x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-430x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-520x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-530x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-620x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-630x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Edge Controller 0752-8303/8000-0002",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G2 0750-821x/xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "04.04.03 (70)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751/9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "04.03.03 (72)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751/9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "04.04.03 (70)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Diego Giubertoni"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A low privileged remote attacker can\u0026nbsp;overwrite an arbitrary file on the filesystem which\u0026nbsp;may lead to an arbitrary file read with root privileges.\u003cbr\u003e"
            }
          ],
          "value": "A low privileged remote attacker can\u00a0overwrite an arbitrary file on the filesystem which\u00a0may lead to an arbitrary file read with root privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-35",
              "description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-30T08:43:14.234Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-047"
        }
      ],
      "source": {
        "advisory": "VDE-2024-047",
        "defect": [
          "CERT@VDE#641658"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-41972",
    "datePublished": "2024-11-18T09:04:56.284Z",
    "dateReserved": "2024-07-25T09:07:31.466Z",
    "dateUpdated": "2025-08-27T21:33:03.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41973 (GCVE-0-2024-41973)
Vulnerability from cvelistv5
Published
2024-11-18 09:05
Modified
2025-08-27 21:33
CWE
  • CWE-35 - Path Traversal: '.../...//'
Summary
A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-41973",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-18T15:13:35.584257Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T21:33:03.344Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751-9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC100 G2 0750-811x-xxxx-xxxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G2 750-821x-xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-420x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-430x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-520x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-530x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-620x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TP600 0762-630x/8000-000x",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Edge Controller 0752-8303/8000-0002",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "4.5.10 (FW27)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PFC200 G2 0750-821x/xxx-xxx",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "04.04.03 (70)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751/9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "04.03.03 (72)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "CC100 0751/9x01",
          "vendor": "WAGO",
          "versions": [
            {
              "lessThanOrEqual": "04.04.03 (70)",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Diego Giubertoni"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Nozomi Networks"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A low privileged remote attacker can\u0026nbsp;specify an arbitrary file on the filesystem which\u0026nbsp;may lead to an arbitrary file writes with root privileges.\u003cbr\u003e"
            }
          ],
          "value": "A low privileged remote attacker can\u00a0specify an arbitrary file on the filesystem which\u00a0may lead to an arbitrary file writes with root privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-35",
              "description": "CWE-35 Path Traversal: \u0027.../...//\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-30T08:45:53.917Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-047"
        }
      ],
      "source": {
        "advisory": "VDE-2024-047",
        "defect": [
          "CERT@VDE#641658"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-41973",
    "datePublished": "2024-11-18T09:05:15.892Z",
    "dateReserved": "2024-07-25T09:07:31.466Z",
    "dateUpdated": "2025-08-27T21:33:03.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52885 (GCVE-0-2024-52885)
Vulnerability from cvelistv5
Published
2025-08-06 14:45
Modified
2025-08-06 15:03
CWE
Summary
The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.
Impacted products
Vendor Product Version
checkpoint Check Point Mobile Access Version: Check Point Mobile Access versions R81.10, R81.20, R82
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52885",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-06T15:02:46.396665Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-06T15:03:53.437Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Check Point Mobile Access",
          "vendor": "checkpoint",
          "versions": [
            {
              "status": "affected",
              "version": "Check Point Mobile Access versions R81.10, R81.20, R82"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Mobile Access Portal\u0027s File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of \u0027nobody\u0027-accessible directories on the Mobile Access gateway."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-35",
              "description": "CWE-35: Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-06T14:45:43.182Z",
        "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "shortName": "checkpoint"
      },
      "references": [
        {
          "url": "https://support.checkpoint.com/results/sk/sk183137"
        }
      ],
      "title": "Path Traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
    "assignerShortName": "checkpoint",
    "cveId": "CVE-2024-52885",
    "datePublished": "2025-08-06T14:45:43.182Z",
    "dateReserved": "2024-11-17T08:00:07.201Z",
    "dateUpdated": "2025-08-06T15:03:53.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20320 (GCVE-0-2025-20320)
Vulnerability from cvelistv5
Published
2025-07-07 17:47
Modified
2025-07-08 13:37
CWE
  • CWE-35 - The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Summary
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.
Impacted products
Vendor Product Version
Splunk Splunk Enterprise Version: 9.4   < 9.4.3
Version: 9.3   < 9.3.5
Version: 9.2   < 9.2.7
Version: 9.1   < 9.1.10
Create a notification for this product.
   Splunk Splunk Enterprise Cloud Version: 9.3.2411   < 9.3.2411.107
Version: 9.3.2408   < 9.3.2408.117
Version: 9.2.2406   < 9.2.2406.121
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-20320",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-08T13:37:10.108433Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-08T13:37:17.043Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Splunk Enterprise",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "9.4.3",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.5",
              "status": "affected",
              "version": "9.3",
              "versionType": "custom"
            },
            {
              "lessThan": "9.2.7",
              "status": "affected",
              "version": "9.2",
              "versionType": "custom"
            },
            {
              "lessThan": "9.1.10",
              "status": "affected",
              "version": "9.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Splunk Enterprise Cloud",
          "vendor": "Splunk",
          "versions": [
            {
              "lessThan": "9.3.2411.107",
              "status": "affected",
              "version": "9.3.2411",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.2408.117",
              "status": "affected",
              "version": "9.3.2408",
              "versionType": "custom"
            },
            {
              "lessThan": "9.2.2406.121",
              "status": "affected",
              "version": "9.2.2406",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Danylo Dmytriiev (DDV_UA)"
        }
      ],
      "datePublic": "2025-07-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
            }
          ],
          "value": "In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-35",
              "description": "The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize \u0027.../...//\u0027 (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-07T17:47:59.569Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "url": "https://advisory.splunk.com/advisories/SVD-2025-0703"
        }
      ],
      "source": {
        "advisory": "SVD-2025-0703"
      },
      "title": "Denial of Service (DoS) through \u201cUser Interface - Views\u201c configuration page in Splunk Enterprise"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2025-20320",
    "datePublished": "2025-07-07T17:47:59.569Z",
    "dateReserved": "2024-10-10T19:15:13.254Z",
    "dateUpdated": "2025-07-08T13:37:17.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-26876 (GCVE-0-2025-26876)
Vulnerability from cvelistv5
Published
2025-02-25 14:17
Modified
2025-08-26 19:33
CWE
Summary
Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26876",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-25T14:38:53.488941Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T19:33:58.109Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "search-with-typesense",
          "product": "Search with Typesense",
          "vendor": "CodeManas",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.0.9",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.0.8",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "astra.r3verii (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePath Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal.\u003c/p\u003e\u003cp\u003eThis issue affects Search with Typesense: from n/a through 2.0.8.\u003c/p\u003e"
            }
          ],
          "value": "Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-35",
              "description": "CWE-35 Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-25T14:17:51.077Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/search-with-typesense/vulnerability/wordpress-search-with-typesense-plugin-2-0-8-path-traversal-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the WordPress Search with Typesense wordpress plugin to the latest available version (at least 2.0.9)."
            }
          ],
          "value": "Update the WordPress Search with Typesense wordpress plugin to the latest available version (at least 2.0.9)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Search with Typesense Plugin \u003c= 2.0.8 - Path Traversal vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2025-26876",
    "datePublished": "2025-02-25T14:17:51.077Z",
    "dateReserved": "2025-02-17T11:49:35.314Z",
    "dateUpdated": "2025-08-26T19:33:58.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-40573 (GCVE-0-2025-40573)
Vulnerability from cvelistv5
Published
2025-05-13 09:38
Modified
2025-07-08 10:34
CWE
  • CWE-35 - Path Traversal: '.../...//'
Summary
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0 HF0). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup folder.
Impacted products
Vendor Product Version
Siemens SCALANCE LPE9403 Version: 0   < V4.0 HF0
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-40573",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-13T18:43:18.390791Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-13T18:43:32.603Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SCALANCE LPE9403",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V4.0 HF0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions \u003c V4.0 HF0). Affected devices are vulnerable to path traversal attacks.\r\nThis could allow a privileged local attacker to restore backups that are outside the backup folder."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-35",
              "description": "CWE-35: Path Traversal: \u0027.../...//\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-08T10:34:37.967Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-327438.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2025-40573",
    "datePublished": "2025-05-13T09:38:56.842Z",
    "dateReserved": "2025-04-16T08:20:17.031Z",
    "dateUpdated": "2025-07-08T10:34:37.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-43886 (GCVE-0-2025-43886)
Vulnerability from cvelistv5
Published
2025-09-10 16:08
Modified
2025-09-11 13:24
CWE
  • CWE-35 - Path Traversal: '.../...//'
Summary
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-43886",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-11T13:24:22.142728Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-11T13:24:30.089Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerProtect Data Manager",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "19.21 build 11",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-09-09T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: \u0027.../...//\u0027 vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker."
            }
          ],
          "value": "Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: \u0027.../...//\u0027 vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-35",
              "description": "CWE-35: Path Traversal: \u0027.../...//\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-10T16:08:55.075Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000367456/dsa-2025-326-security-update-for-dell-powerprotect-data-manager-multiple-security-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-43886",
    "datePublished": "2025-09-10T16:08:55.075Z",
    "dateReserved": "2025-04-18T05:05:05.741Z",
    "dateUpdated": "2025-09-11T13:24:30.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-47636 (GCVE-0-2025-47636)
Vulnerability from cvelistv5
Published
2025-05-07 14:20
Modified
2025-09-15 15:57
CWE
Summary
Path Traversal vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through 0.91.0.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-47636",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T20:43:13.820068Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T20:43:22.422Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "list-category-posts",
          "product": "List category posts",
          "vendor": "Fernando Briano",
          "versions": [
            {
              "lessThanOrEqual": "0.91.0",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac | truonghuuphuc (Patchstack Bug Bounty program)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Path Traversal vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.\u003cp\u003eThis issue affects List category posts: from n/a through 0.91.0.\u003c/p\u003e"
            }
          ],
          "value": "Path Traversal vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through 0.91.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-252",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-252 PHP Local File Inclusion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-35",
              "description": "CWE-35 Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-15T15:57:16.538Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/list-category-posts/vulnerability/wordpress-list-category-posts-0-90-3-local-file-inclusion-vulnerability?_s_id=cve"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "tags": [
        "x_open-source"
      ],
      "title": "WordPress List category posts \u003c= 0.91.0 - Local File Inclusion Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2025-47636",
    "datePublished": "2025-05-07T14:20:40.452Z",
    "dateReserved": "2025-05-07T10:44:48.426Z",
    "dateUpdated": "2025-09-15T15:57:16.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation ID: MIT-5.1

Phase: Implementation

Strategy: Input Validation

Description:

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation ID: MIT-20

Phase: Implementation

Strategy: Input Validation

Description:

  • Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page