CVE-2025-41035
Path Traversal vulnerability in appRain CMF
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on the server via the base64 path after /download/.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
appRain · appRain CMF¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →