← voltar
CVE-2025-2305

Local file inclusion vulnerability in LIVE CONTRACT

CVSS 8.6 HIGHEPSS 0.3%CWE-20
A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server, from the Linux server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Produtos afetados
SYNCPILOT · LIVE CONTRACT

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.cirosec.de/sa/sa-2025-003