CVE-2025-32807 — Path Traversal: '../filedir' in FusionDirectory
Severity
5.3 MEDIUM (NVD)
EPSS
0.3%
top 48.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Apr 11
Description
A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 2 packages
Vulnerability Details (2)
Vendor Advisories (1)
Debian
CVE-2025-32807: fusiondirectory - A path traversal vulnerability in FusionDirectory before 1.5 allows remote attac... (2025)