CVE-2025-2305 - Vulnerability Details - OpenCVE

A Path traversal vulnerability in the file
download functionality was identified. This vulnerability allows
unauthenticated users to download arbitrary files, in the context of the
application server, from the Linux server.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00168.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-15430	A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server, from the Linux server.

Fixes

Solution

Update to versions 5.4.12, 5.5.4, 5.6.3 or higher.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cirosec.de/sa/sa-2025-003

History

Fri, 16 May 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 16 May 2025 12:30:00 +0000

Type	Values Removed	Values Added
Description		A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server, from the Linux server.
Title		Local file inclusion vulnerability in LIVE CONTRACT
Weaknesses		CWE-20
References		https://www.cirosec.de/sa/sa-2025-003
Metrics		cvssV3_1 `{'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cirosec

Published: 2025-05-16T12:09:41.347Z

Updated: 2025-05-16T13:04:26.030Z

Reserved: 2025-03-14T12:24:17.830Z

Link: CVE-2025-2305

Vulnrichment

Updated: 2025-05-16T13:04:22.444Z

NVD

Status : Awaiting Analysis

Published: 2025-05-16T13:15:52.063

Modified: 2025-05-16T14:42:18.700

Link: CVE-2025-2305

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2305", "assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674", "state": "PUBLISHED", "assignerShortName": "cirosec", "dateReserved": "2025-03-14T12:24:17.830Z", "datePublished": "2025-05-16T12:09:41.347Z", "dateUpdated": "2025-05-16T13:04:26.030Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LIVE CONTRACT", "vendor": "SYNCPILOT", "versions": [{"lessThan": "5.4.12", "status": "affected", "version": "3", "versionType": "semver"}, {"lessThan": "5.5.4", "status": "affected", "version": "5.5", "versionType": "semver"}, {"lessThan": "5.6.3", "status": "affected", "version": "5.6", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Felix Schmid <felix.schmid@cirosec.de>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A Path traversal vulnerability in the file\ndownload functionality was identified. This vulnerability allows\nunauthenticated users to download arbitrary files, in the context of the\napplication server, from the Linux server.</p>"}], "value": "A Path traversal vulnerability in the file\ndownload functionality was identified. This vulnerability allows\nunauthenticated users to download arbitrary files, in the context of the\napplication server, from the Linux server."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674", "shortName": "cirosec", "dateUpdated": "2025-05-16T12:09:41.347Z"}, "references": [{"url": "https://www.cirosec.de/sa/sa-2025-003"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to versions 5.4.12, 5.5.4, 5.6.3 or higher."}], "value": "Update to versions\u00a05.4.12, 5.5.4, 5.6.3 or higher."}], "source": {"advisory": "SA-2025-004", "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2025-03-04T23:00:00.000Z", "value": "Vendor was contacted and informed about the vulnerability via email."}, {"lang": "en", "time": "2025-03-04T23:00:00.000Z", "value": "Initial response received from vendor. Vendor acknowledged the vulnerability."}, {"lang": "en", "time": "2025-03-12T23:00:00.000Z", "value": "Vendor informed us that the issue was resolved."}], "title": "Local file inclusion vulnerability in LIVE CONTRACT", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-16T13:04:19.139164Z", "id": "CVE-2025-2305", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T13:04:26.030Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2305", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-16T13:04:19.139164Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T13:04:22.444Z"}}], "cna": {"title": "Local file inclusion vulnerability in LIVE CONTRACT", "source": {"advisory": "SA-2025-004", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Felix Schmid <felix.schmid@cirosec.de>"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SYNCPILOT", "product": "LIVE CONTRACT", "versions": [{"status": "affected", "version": "3", "lessThan": "5.4.12", "versionType": "semver"}, {"status": "affected", "version": "5.5", "lessThan": "5.5.4", "versionType": "semver"}, {"status": "affected", "version": "5.6", "lessThan": "5.6.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-04T23:00:00.000Z", "value": "Vendor was contacted and informed about the vulnerability via email."}, {"lang": "en", "time": "2025-03-04T23:00:00.000Z", "value": "Initial response received from vendor. Vendor acknowledged the vulnerability."}, {"lang": "en", "time": "2025-03-12T23:00:00.000Z", "value": "Vendor informed us that the issue was resolved."}], "solutions": [{"lang": "en", "value": "Update to versions\u00a05.4.12, 5.5.4, 5.6.3 or higher.", "supportingMedia": [{"type": "text/html", "value": "Update to versions 5.4.12, 5.5.4, 5.6.3 or higher.", "base64": false}]}], "references": [{"url": "https://www.cirosec.de/sa/sa-2025-003"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Path traversal vulnerability in the file\ndownload functionality was identified. This vulnerability allows\nunauthenticated users to download arbitrary files, in the context of the\napplication server, from the Linux server.", "supportingMedia": [{"type": "text/html", "value": "<p>A Path traversal vulnerability in the file\ndownload functionality was identified. This vulnerability allows\nunauthenticated users to download arbitrary files, in the context of the\napplication server, from the Linux server.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "a341c0d1-ebf7-493f-a84e-38cf86618674", "shortName": "cirosec", "dateUpdated": "2025-05-16T12:09:41.347Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2305", "state": "PUBLISHED", "dateUpdated": "2025-05-16T13:04:26.030Z", "dateReserved": "2025-03-14T12:24:17.830Z", "assignerOrgId": "a341c0d1-ebf7-493f-a84e-38cf86618674", "datePublished": "2025-05-16T12:09:41.347Z", "assignerShortName": "cirosec"}, "dataVersion": "5.1"}