← back
CVE-2025-2305

Local file inclusion vulnerability in LIVE CONTRACT

CVSS 8.6 HIGHEPSS 0.3%CWE-20
A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server, from the Linux server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected products
SYNCPILOT · LIVE CONTRACT

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cirosec.de/sa/sa-2025-003