Skip to main content

Path Traversal: '../filedir'

CVE-2025-44962

Medium
5/10

Summary

RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.

  • LOW
  • NETWORK
  • NONE
  • CHANGED
  • NONE
  • LOW
  • LOW
  • NONE

CWE-24 - Path Traversal: '../filedir'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.

References

Advisory Timeline

  • Published