exploitDog

CVE-2025-41035

Опубликовано: 04 сент. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on the server via the base64 path after /download/.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-apprain-cmf
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apprain:apprain:4.0.5:*:*:*:*:*:*:*

EPSS

Процентиль: 10%

0.00035

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-w4h7-75xh-3v83

CVSS3: 6.5

github

5 месяцев назад

A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on the server via the base64 path after /download/.

EPSS

Процентиль: 10%

0.00035

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22