← volver
CVE-2025-5993

Path Traversal in ITCube CRM

CVSS 9.2 CRITICALEPSS 0.6%CWE-22
ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Productos afectados
ITCube Software · ITCube CRM

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cert.pl/posts/2025/07/CVE-2025-5993https://itcube.pl/modul-crm