CVE-2025-60722 — Path Traversal in Microsoft Onedrive FOR Android

CWE-22 — Path Traversal4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 76.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Onedrive FOR Android Microsoft Onedrive Msrc Onedrive FOR Android

Timeline

PublishedNov 11

Description

Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5microsoft/onedrive_for_android1.0 — 7.42

▶msrcmsrc/onedrive_for_android

▶NVDmicrosoft/onedrive< 7.42

🔴Vulnerability Details

GHSA

GHSA-4x45-2w34-jxfr: Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privil↗2025-11-11

▶

📋Vendor Advisories

Microsoft

Microsoft OneDrive for Android Elevation of Privilege Vulnerability↗2025-11-11

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws↗2025-11-11

▶