exploitDog

CVE-2025-67076

Опубликовано: 15 янв. 2026

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read.

Ссылки

https://www.agora-project.net
Product
https://www.helx.io/blog/advisory-agora-project/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:agora-project:agora-project:*:*:*:*:*:*:*:*

Версия до 25.10 (исключая)

EPSS

Процентиль: 61%

0.00409

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-44vf-6vfg-98jr

CVSS3: 7.5

github

23 дня назад

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read.

EPSS

Процентиль: 61%

0.00409

Низкий

7.5 High

CVSS3

Дефекты

CWE-22