Unrated severityNVD Advisory· Published Mar 21, 2025· Updated Mar 21, 2025
CVE-2025-30343
CVE-2025-30343
Description
A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file or folder as a relative or absolute path (e.g., ../../../etc/passwd), the ZIP archive generated for download converts that title into a path. Depending on the extraction tool used by the user, this might overwrite files locally outside of the chosen directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<4.2.5+ 1 more
- (no CPE)range: <4.2.5
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.