Common Weakness Enumeration

CWE-36

Allowed

Absolute Path Traversal

Abstraction: Base · Status: Draft

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

245 vulnerabilities reference this CWE, most recent first.

CVE-2025-8575 (GCVE-0-2025-8575)

Vulnerability from cvelistv5 – Published: 2025-09-12 05:24 – Updated: 2026-04-08 17:34
VLAI
Title
LWS Cleaner <= 2.4.1.3 - Authenticated (Administrator+) Arbitrary File Deletion via 'lws_cl_delete_file'
Summary
The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'lws_cl_delete_file' function in all versions up to, and including, 2.4.1.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-36 - Absolute Path Traversal
Assigner
Impacted products
Vendor Product Version
aurelienlws LWS Cleaner Affected: 0 , ≤ 2.4.1.3 (semver)
Create a notification for this product.
Credits
Jonas Benjamin Friedli
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8575",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-12T16:30:29.186525Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-12T16:30:45.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "LWS Cleaner",
          "vendor": "aurelienlws",
          "versions": [
            {
              "lessThanOrEqual": "2.4.1.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jonas Benjamin Friedli"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the \u0027lws_cl_delete_file\u0027 function in all versions up to, and including, 2.4.1.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36 Absolute Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:34:20.206Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa37025a-7f20-4cfe-a7d0-38168f49b6d9?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/lws-cleaner/trunk/lws-cleaner.php#L1144"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3359598/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-11T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "LWS Cleaner \u003c= 2.4.1.3 - Authenticated (Administrator+) Arbitrary File Deletion via \u0027lws_cl_delete_file\u0027"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-8575",
    "datePublished": "2025-09-12T05:24:31.396Z",
    "dateReserved": "2025-08-05T00:23:10.299Z",
    "dateUpdated": "2026-04-08T17:34:20.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8213 (GCVE-0-2025-8213)

Vulnerability from cvelistv5 – Published: 2025-07-31 12:24 – Updated: 2026-04-08 16:58
VLAI
Title
NinjaScanner – Virus & Malware scan <= 3.2.5 - Authenticated (Administrator+) Arbitrary File Deletion
Summary
The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscan_ajax_quarantine' and 'nscan_quarantine_select' functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, including files outside the WordPress root directory.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-36 - Absolute Path Traversal
Assigner
Impacted products
Credits
Jonas Benjamin Friedli
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8213",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-31T13:10:45.439463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-31T13:10:56.349Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "NinjaScanner \u2013 Virus \u0026 Malware scan",
          "vendor": "nintechnet",
          "versions": [
            {
              "lessThanOrEqual": "3.2.5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jonas Benjamin Friedli"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The NinjaScanner \u2013 Virus \u0026 Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the \u0027nscan_ajax_quarantine\u0027 and \u0027nscan_quarantine_select\u0027 functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, including files outside the WordPress root directory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36 Absolute Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T16:58:57.746Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6b1da345-ddbb-48ad-b0c1-bb0cb3b0fc69?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ninjascanner/trunk/lib/ajax_hooks.php#L331"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/ninjascanner/trunk/lib/tab_quarantine.php#L114"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3336569/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-30T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "NinjaScanner \u2013 Virus \u0026 Malware scan \u003c= 3.2.5 - Authenticated (Administrator+) Arbitrary File Deletion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-8213",
    "datePublished": "2025-07-31T12:24:43.148Z",
    "dateReserved": "2025-07-25T19:35:11.742Z",
    "dateUpdated": "2026-04-08T16:58:57.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-8009 (GCVE-0-2025-8009)

Vulnerability from cvelistv5 – Published: 2025-07-24 07:22 – Updated: 2025-07-24 13:16
VLAI
Title
Security Ninja – Secure Firewall & Secure Malware Scanner - 5.201 - 5.242 - Authenticated (Administrator+) Arbitrary File Read
Summary
The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'get_file_source' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data, including the contents of any file on the server.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-36 - Absolute Path Traversal
Assigner
Impacted products
Credits
Jonas Benjamin Friedli
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8009",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T13:16:48.653253Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T13:16:52.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Security Ninja \u2013 WordPress Security Plugin \u0026 Firewall",
          "vendor": "cleverplugins",
          "versions": [
            {
              "lessThanOrEqual": "5.242",
              "status": "affected",
              "version": "5.201",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jonas Benjamin Friedli"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Security Ninja \u2013 WordPress Security Plugin \u0026 Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the \u0027get_file_source\u0027 function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data, including the contents of any file on the server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36 Absolute Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-24T07:22:12.991Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/51ee45f8-9978-48ec-8f87-229dc82938a8?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/security-ninja/trunk/modules/core-scanner/core-scanner.php#L33"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/security-ninja/trunk/modules/core-scanner/core-scanner.php#L186"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3333048/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-22T17:22:03.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-07-23T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Security Ninja \u2013 Secure Firewall \u0026 Secure Malware Scanner - 5.201 - 5.242 - Authenticated (Administrator+) Arbitrary File Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-8009",
    "datePublished": "2025-07-24T07:22:12.991Z",
    "dateReserved": "2025-07-21T21:53:13.604Z",
    "dateUpdated": "2025-07-24T13:16:52.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-7846 (GCVE-0-2025-7846)

Vulnerability from cvelistv5 – Published: 2025-10-31 06:42 – Updated: 2026-04-08 17:21
VLAI
Title
WordPress User Extra Fields <= 16.7 - Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function
Summary
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields() function in all versions up to, and including, 16.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-36 - Absolute Path Traversal
Assigner
Impacted products
Vendor Product Version
vanquish WordPress User Extra Fields Affected: 0 , ≤ 16.7 (semver)
Create a notification for this product.
Credits
Tonn
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7846",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-31T14:26:00.687807Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-31T14:26:13.340Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WordPress User Extra Fields",
          "vendor": "vanquish",
          "versions": [
            {
              "lessThanOrEqual": "16.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tonn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields() function in all versions up to, and including, 16.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36 Absolute Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:21:11.387Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c66d0fb4-e2df-4bdb-8ccb-18a96173a55d?source=cve"
        },
        {
          "url": "https://codecanyon.net/item/user-extra-fields/12949844"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-30T18:34:20.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WordPress User Extra Fields \u003c= 16.7 - Authenticated (Subscriber+) Arbitrary File Deletion via save_fields Function"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-7846",
    "datePublished": "2025-10-31T06:42:56.125Z",
    "dateReserved": "2025-07-18T20:19:32.220Z",
    "dateUpdated": "2026-04-08T17:21:11.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-6381 (GCVE-0-2025-6381)

Vulnerability from cvelistv5 – Published: 2025-06-28 03:21 – Updated: 2026-04-08 17:15
VLAI
Title
BeeTeam368 Extensions <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion
Summary
The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-36 - Absolute Path Traversal
Assigner
Impacted products
Vendor Product Version
beeteam368 BeeTeam368 Extensions Affected: 0 , ≤ 2.3.4 (semver)
Create a notification for this product.
Credits
Tonn
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-6381",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-30T16:19:07.742741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-30T16:19:16.241Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BeeTeam368 Extensions",
          "vendor": "beeteam368",
          "versions": [
            {
              "lessThanOrEqual": "2.3.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tonn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36 Absolute Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:15:26.691Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aed40456-43c3-4647-9bce-e7c6139c84cd?source=cve"
        },
        {
          "url": "https://themeforest.net/item/vidmov-video-wordpress-theme/35542187"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-20T19:26:03.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-06-27T14:26:26.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "BeeTeam368 Extensions \u003c= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-6381",
    "datePublished": "2025-06-28T03:21:59.274Z",
    "dateReserved": "2025-06-19T18:45:51.733Z",
    "dateUpdated": "2026-04-08T17:15:26.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-5927 (GCVE-0-2025-5927)

Vulnerability from cvelistv5 – Published: 2025-06-25 09:21 – Updated: 2026-04-08 17:11
VLAI
Title
Everest Forms (Pro) <= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion
Summary
The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The vulnerability requires an admin to trigger the deletion via deletion of a form entry and cannot be carried out by the attacker alone.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-36 - Absolute Path Traversal
Assigner
Impacted products
Vendor Product Version
WPEverest Everest Forms Pro Affected: 0 , ≤ 1.9.4 (semver)
Create a notification for this product.
Credits
Nguyen Tan Phat
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5927",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-25T13:37:13.883637Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-25T13:37:37.158Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Everest Forms Pro",
          "vendor": "WPEverest",
          "versions": [
            {
              "lessThanOrEqual": "1.9.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nguyen Tan Phat"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The vulnerability requires an admin to trigger the deletion via deletion of a form entry and cannot be carried out by the attacker alone."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36 Absolute Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:11:44.649Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e3a118f-4321-4579-a986-05ce077dc6b9?source=cve"
        },
        {
          "url": "https://wordpress.org/plugins/everest-forms/"
        },
        {
          "url": "https://everestforms.net/changelog/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-12T18:46:06.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-06-24T20:22:24.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Everest Forms (Pro) \u003c= 1.9.4 - Unauthenticated Path Traversal to Arbitrary File Deletion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-5927",
    "datePublished": "2025-06-25T09:21:40.614Z",
    "dateReserved": "2025-06-09T14:37:01.886Z",
    "dateUpdated": "2026-04-08T17:11:44.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-4799 (GCVE-0-2025-4799)

Vulnerability from cvelistv5 – Published: 2025-06-11 03:41 – Updated: 2026-04-08 17:34
VLAI
Title
WP-DownloadManager <= 1.68.10 - Authenticated (Administrator+) Arbitrary File Deletion
Summary
The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-36 - Absolute Path Traversal
Assigner
Impacted products
Vendor Product Version
gamerz WP-DownloadManager Affected: 0 , ≤ 1.68.10 (semver)
Create a notification for this product.
Credits
Jamshed Yergashvoyev
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4799",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T13:23:45.565512Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T13:23:50.639Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WP-DownloadManager",
          "vendor": "gamerz",
          "versions": [
            {
              "lessThanOrEqual": "1.68.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jamshed Yergashvoyev"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions up to, and including, 1.68.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This vulnerability can be paired with CVE-2025-4798 to delete any file within the WordPress root directory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36 Absolute Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:34:15.795Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9d9e485-171f-4e36-943d-397d540e31f4?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L16"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-options.php#L42"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/wp-downloadmanager/trunk/download-manager.php#L215"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3294467/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-10T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WP-DownloadManager \u003c= 1.68.10 - Authenticated (Administrator+) Arbitrary File Deletion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-4799",
    "datePublished": "2025-06-11T03:41:53.029Z",
    "dateReserved": "2025-05-15T19:37:36.032Z",
    "dateUpdated": "2026-04-08T17:34:15.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-0851 (GCVE-0-2025-0851)

Vulnerability from cvelistv5 – Published: 2025-01-29 21:19 – Updated: 2025-10-14 18:40
VLAI
Title
Path traversal issue in Deep Java Library
Summary
A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-36 - Absolute Path Traversal
  • CWE-73 - External Control of File Name or Path
Assigner
Impacted products
Vendor Product Version
AWS DeepJavaLibrary Affected: 0.1.0 , < 0.31.1 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0851",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-30T14:31:01.110426Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T19:51:13.248Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MacOS",
            "Linux",
            "Windows",
            "x86",
            "ARM"
          ],
          "product": "DeepJavaLibrary",
          "vendor": "AWS",
          "versions": [
            {
              "lessThan": "0.31.1",
              "status": "affected",
              "version": "0.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-79",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-79: Using Slashes in Alternate Encoding"
            }
          ]
        },
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126: Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36: Absolute Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "CWE-73: External Control of File Name or Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T18:40:18.185Z",
        "orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
        "shortName": "AMZN"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-003/"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://github.com/deepjavalibrary/djl/security/advisories/GHSA-jcrp-x7w3-ffmg"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/deepjavalibrary/djl/releases/tag/v0.31.1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Path traversal issue in Deep Java Library",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
    "assignerShortName": "AMZN",
    "cveId": "CVE-2025-0851",
    "datePublished": "2025-01-29T21:19:59.309Z",
    "dateReserved": "2025-01-29T17:39:51.866Z",
    "dateUpdated": "2025-10-14T18:40:18.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-0001 (GCVE-0-2025-0001)

Vulnerability from cvelistv5 – Published: 2025-02-17 09:29 – Updated: 2025-02-18 19:31
VLAI
Title
authenticated arbitrary file read vulnerability
Summary
Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by an authenticated arbitrary file read vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-36 - Absolute Path Traversal
Assigner
Impacted products
Vendor Product Version
Abacus Research AG Abacus Affected: 0 , < 2024.210.16036 (custom)
Affected: 0 , < 2023.205.15833 (custom)
Affected: 0 , < 2022.205.15542 (custom)
Create a notification for this product.
Credits
Borel Enzo (testeurdestylos) Nicolas Hugues
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-0001",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-18T17:20:34.965879Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-18T19:31:29.625Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Abacus",
          "vendor": "Abacus Research AG",
          "versions": [
            {
              "lessThan": "2024.210.16036",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "2023.205.15833",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "2022.205.15542",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Borel Enzo (testeurdestylos)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Nicolas Hugues"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by an authenticated arbitrary file read vulnerability."
            }
          ],
          "value": "Abacus ERP is versions older than 2024.210.16036, 2023.205.15833, 2022.105.15542 are affected by an authenticated arbitrary file read vulnerability."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-597",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-597 Absolute Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36: Absolute Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-17T09:29:49.551Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "url": "https://borelenzo.github.io/stuff/2025/02/15/CVE-2025-0001.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "authenticated arbitrary file read vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2025-0001",
    "datePublished": "2025-02-17T09:29:49.551Z",
    "dateReserved": "2024-10-09T13:49:52.061Z",
    "dateUpdated": "2025-02-18T19:31:29.625Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-57966 (GCVE-0-2024-57966)

Vulnerability from cvelistv5 – Published: 2025-02-03 00:00 – Updated: 2025-02-09 05:02
VLAI
Summary
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-36 - Absolute Path Traversal
Assigner
Impacted products
Vendor Product Version
KDE ark Affected: 0 , < 24.12.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-57966",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-03T17:02:25.845031Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-03T17:02:38.995Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-09T05:02:36.861Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ark",
          "vendor": "KDE",
          "versions": [
            {
              "lessThan": "24.12.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "24.12.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-36",
              "description": "CWE-36 Absolute Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-03T04:18:53.872Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58"
        },
        {
          "url": "https://github.com/KDE/ark/compare/v24.11.90...v24.12.0"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-57966",
    "datePublished": "2025-02-03T00:00:00.000Z",
    "dateReserved": "2025-02-03T00:00:00.000Z",
    "dateUpdated": "2025-02-09T05:02:36.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-5.1
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20
Implementation

Strategy: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

Mitigation MIT-29
Operation

Strategy: Firewall

Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].

CAPEC-597: Absolute Path Traversal

An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as ".." to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access.