CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-126 · CAPEC-64 · CAPEC-76 · CAPEC-78 · CAPEC-79
CVEs mapped to this weakness (5,488)
page 232 of 275

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49656 | | | 0.00 | — | 0.01 | | Jul 21, 2025 | Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue. |
| CVE-2025-6233 | | | 0.00 | — | 0.00 | | Jul 18, 2025 | Mattermost versions 10.8.x <= 10.8.1, 10.7.x <= 10.7.3, 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to sanitize input paths of file attachments in the bulk import JSONL file, which allows a system admin to read arbitrary system files via path traversal. |
| CVE-2025-53632 | | | 0.00 | — | 0.01 | | Jul 10, 2025 | Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor… |
| CVE-2025-53513 | | | 0.00 | — | 0.01 | | Jul 8, 2025 | The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running… |
| CVE-2025-6210 | | | 0.00 | — | 0.00 | | Jul 7, 2025 | A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by… |
| CVE-2025-3046 | | | 0.00 | — | 0.01 | | Jul 7, 2025 | A vulnerability in the `ObsidianReader` class of the run-llama/llama_index repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The `ObsidianReader` fails to resolve symlinks to their real paths and does not validate whether the… |
| CVE-2025-34076 | | — | 0.00 | — | 0.01 | | Jul 2, 2025 | An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying… |
| CVE-2025-44163 | | | 0.00 | — | 0.01 | | Jun 27, 2025 | RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter to overwrite arbitrary files writable by the web server via abuse… |
| CVE-2025-5981 | | | 0.00 | — | 0.00 | | Jun 18, 2025 | Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images. |
| CVE-2025-6167 | | | 0.00 | — | 0.01 | | Jun 17, 2025 | A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this… |
| CVE-2025-3594 | | | 0.00 | — | 0.01 | | Jun 16, 2025 | Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitrary locations on the server… |
| CVE-2024-38824 | | — | 0.00 | — | 0.01 | | Jun 13, 2025 | Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory. |
| CVE-2025-46096 | | — | 0.00 | — | 0.01 | | Jun 13, 2025 | Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component |
| CVE-2025-28384 | | | 0.00 | — | 0.01 | | Jun 13, 2025 | An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal. |
| CVE-2025-28382 | | | 0.00 | — | 0.01 | | Jun 13, 2025 | An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal. |
| CVE-2024-57189 | | | 0.00 | — | 0.00 | | Jun 10, 2025 | In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler. |
| CVE-2024-57186 | | | 0.00 | — | 0.00 | | Jun 10, 2025 | In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler. |
| CVE-2025-49138 | | — | 0.00 | — | 0.00 | | Jun 9, 2025 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by… |
| CVE-2025-47952 | | | 0.00 | — | 0.01 | | May 30, 2025 | Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a… |
| CVE-2025-47273 | | | 0.00 | — | 0.01 | | May 17, 2025 | setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on… |