{"uuid": "5046c0a5-114a-44d7-b7ff-e460c09d4ad4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-65418", "type": "seen", "source": "https://gist.github.com/ZeroBreach-GmbH/12c58d9286093a7b634d57df7b8b9386", "content": "##### Description\n\nA directory traversal vulnerability exists when user\u2011supplied input is used to construct file paths without proper validation or normalization. By supplying specially crafted path sequences, an attacker can escape the intended restricted directory and access arbitrary files or directories on the underlying file system. This vulnerability may be exploited remotely via unauthenticated requests.\n\n##### Details\n\n*   **Product:** docuForm FSM Client\n*   **Affected Versions:** 11.11c\n*   **Vulnerability Type:** CWE-209: Information Exposure Through an Error Message\n*   **Risk Level:** High - CVSS 3.1: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)\n*   **Vendor URL:** www.docuform.de\n*   **CVE:** CVE-2025-65418\n\n##### Impact\n\nSuccessful exploitation can allow an attacker to read sensitive files stored outside the application\u2019s intended directory, including configuration files, application source code, system files, and user\u2011specific data.\n\n##### References\n\n*   [National Vulnerability Database CVE-2025-65418](https://nvd.nist.gov/vuln/detail/CVE-2025-65418)\n*   [ZeroBreach GmbH - CVE-2025-65418](https://zerobreach.de/blog/security-advisories/CVE-2025-65418.html)\n\n##### Timeline\n\n*   **2025-10:** Vulnerability reported to the vendor.\n*   **2025-11:** Vendor published a fix for the issue.\n*   **2026-04:** Information about the vulnerability is published.\n\n##### Credits\n\n*   Bastian Recktenwald ([Bastian.Recktenwald@ZeroBreach.de](mailto:Bastian.Recktenwald@ZeroBreach.de))", "creation_timestamp": "2026-05-05T15:19:29.000000Z"}