CVE-2025-0332

Progress UI for WinForms decompression path traversal vulnerability

CVSS 7.8 HIGHEPSS 0.4%CWE-22

In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Progress Software · Progress® Telerik® UI for WinForms

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.telerik.com/devtools/winforms/knowledge-base/kb-security-path-traversal-cve-2025-0332