← volver
CVE-2025-32807

CVE-2025-32807

CVSS 5.3 MEDIUMEPSS 0.5%CWE-24
A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
FusionDirectory · FusionDirectory

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/blob/e9304844fb5c8ce4a9af9e26858af5e22e15b9bd/Changelog.md?plain=1#L112https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/blob/e9304844fb5c8ce4a9af9e26858af5e22e15b9bd/include/class_IconTheme.inc#L233-237https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/commit/9edefd0b367450d665a141c5e94db8a06d208556