CVE-2025-23416

MEDIUM Year: 2025
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

Path traversal may lead to arbitrary file deletion. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25.

Related Vulnerabilities

CVE-2016-10528

MEDIUM
CVSS:4.9(Medium)

restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it t...

CWE-222016

CVE-2016-4004

MEDIUM
CVSS:4.9(Medium)

Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parame...

CWE-222016

CVE-2016-4314

MEDIUM
CVSS:4.9(Medium)

Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to ...

CWE-222016

CVE-2016-5092

MEDIUM
CVSS:4.9(Medium)

Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn featur...

CWE-222016

CVE-2016-7135

MEDIUM
CVSS:4.9(Medium)

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile act...

CWE-222016

CVE-2017-10841

MEDIUM
CVSS:4.9(Medium)

Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.

CWE-222017