CVE-2025-49415
published 2025-06-17CVE-2025-49415: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Path Traversal.This…
PriorityP347high8.6CVSS 3.1
AVNACLPRNUINSCCNINAH
EPSS
0.40%
32.1th percentile
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Gallery fw-gallery allows Path Traversal.This issue affects FW Gallery: from n/a through <= 8.0.0.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fastw3b_llc | fw_gallery | <= 8.0.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Projectzero
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
blogs_projectzero·2026-01-14·CVSS 7.4
[HIGH] A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. One such feature is audio transcription. Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones.
Iâve spent a fair bit of time investigating these decoders, first reporting CVE-2025-49415 in the Monkeyâs Audio codec on Samsung devices. Based on this research, the team reviewed the Dolby Unified Decoder, and Ivan Fra
Projectzero
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
blogs_projectzero·CVSS 7.4
[HIGH] A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. One such feature is audio transcription. Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones.
Iâve spent a fair bit of time investigating these decoders, first reporting CVE-2025-49415 in the Monkeyâs Audio codec on Samsung devices. Based on this research, the team reviewed the Dolby Unified Decoder, and Ivan Fra
2025-06-17
Published