Files or Directories Accessible to External Parties

CVE-2025-1982

High

7.1/10

Summary

Local File Inclusion vulnerability in Ready's attachment upload panel allows low privileged user to provide link to a local file using the file:// protocol thus allowing the attacker to read content of the file. This vulnerability can be use to read content of system files.

Attack Complexity: LOW
Attack Vector: NETWORK
User Interaction: NONE
Privileges Required: LOW

CWE-552 - Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References

Advisory Timeline

Published Apr 16, 2025

Files or Directories Accessible to External Parties

CVE-2025-1982

Summary

CWE-552 - Files or Directories Accessible to External Parties

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS