CVE-2025-41035
Path Traversal vulnerability in appRain CMF
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on the server via the base64 path after /download/.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Produtos afetados
appRain · appRain CMFQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →