How severe is CVE-2025-30343?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2025-30343?

This is classified as CWE-24, which is a common weakness in software security.

CVE-2025-30343

MEDIUM Year: 2025

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-24

View all →

Vulnerability Description

A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file or folder as a relative or absolute path (e.g., ../../../etc/passwd), the ZIP archive generated for download converts that title into a path. Depending on the extraction tool used by the user, this might overwrite files locally outside of the chosen directory.

CVE-2020-8567

MEDIUM

CVSS:6.5(Medium)

Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass o...

CWE-242020

CVE-2021-21706

MEDIUM

CVSS:6.5(Medium)

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when ...

CWE-242021

CVE-2022-20656

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To ex...

CWE-242022

CVE-2023-3240

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usersNews_deal.php. The manipulation of the arg...

CWE-242023

CVE-2023-7040

MEDIUM

CVSS:6.5(Medium)

A vulnerability classified as problematic was found in codelyfe Stupid Simple CMS up to 1.2.4. Affected by this vulnerability is an unknown functionality of the file /file-manager/rename.php. The mani...

CWE-242023

CVE-2024-6786

MEDIUM

CVSS:6.5(Medium)

The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of se...

CWE-242024

CVE-2025-30343

Vulnerability Description

Related Vulnerabilities

CVE-2020-8567

CVE-2021-21706

CVE-2022-20656

CVE-2023-3240

CVE-2023-7040

CVE-2024-6786