Path Traversal: '/../filedir'
CVE-2025-68916
Summary
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.
- LOW
- NETWORK
- HIGH
- CHANGED
- NONE
- HIGH
- HIGH
- HIGH
CWE-25 - Path Traversal: '/../filedir'
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that can resolve to a location that is outside of that directory.
References
Advisory Timeline
- Published
