{"vulnerability": "cve-2025-32807", "sightings": [{"uuid": "c6e37acb-b5d7-443b-b059-2a3bcae574e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32807", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmiv2tssnh2j", "content": "", "creation_timestamp": "2025-04-11T01:38:16.766650Z"}, {"uuid": "fc46caeb-dd94-44d2-b04b-e10e5e9a4862", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32807", "type": "seen", "source": "https://t.me/cvedetector/22690", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-32807 - FusionDirectory Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-32807 \nPublished : April 11, 2025, 12:15 a.m. | 1\u00a0hour, 12\u00a0minutes ago \nDescription : A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T03:54:09.000000Z"}, {"uuid": "b904b1ba-0779-442f-a2dc-f2dd22a5bdcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-32807", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11359", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-32807\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.\n\ud83d\udccf Published: 2025-04-10T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-10T23:41:01.993Z\n\ud83d\udd17 References:\n1. https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/blob/e9304844fb5c8ce4a9af9e26858af5e22e15b9bd/include/class_IconTheme.inc#L233-237\n2. https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/commit/9edefd0b367450d665a141c5e94db8a06d208556\n3. https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/blob/e9304844fb5c8ce4a9af9e26858af5e22e15b9bd/Changelog.md?plain=1#L112", "creation_timestamp": "2025-04-10T23:49:30.000000Z"}]}