Medium severity4.1NVD Advisory· Published Nov 28, 2025· Updated Apr 15, 2026

CVE-2025-66386

Description

app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin.

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

No linked articles in our index yet.