CVE-2025-69820Path Traversal in Beam-cloud Beta9

CWE-22Path Traversal6 documents4 sources
Severity
6.0MEDIUMNVD
EPSS
0.2%
top 57.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
AWS Aws-sdk-phpGithub.com Beam-cloud Beta9Beam Beta9
Timeline
PublishedJan 22
Latest updateFeb 2

Description

Directory Traversal vulnerability in Beam beta9 v.0.1.521 allows a remote attacker to obtain sensitive information via the joinCleanPath function.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.8 | Impact: 5.2

Affected Packages3 packages

Gogithub.com/beam-cloud_beta90.0.0-20260116162221-c1cd75e813cf
NVDbeam/beta90.1.521
Packagistaws/aws-sdk-php< 3.288.1

🔴Vulnerability Details

4
OSV
Beam Exposes sensitive information via joinCleanPath function in github.com/beam-cloud/beta92026-02-02
OSV
Beam Exposes sensitive information via joinCleanPath function2026-01-22
GHSA
Beam Exposes sensitive information via joinCleanPath function2026-01-22
OSV
Potential URI resolution path traversal in the AWS SDK for PHP2023-12-21

🕵️Threat Intelligence

1
Wiz
CVE-2025-69820 Impact, Exploitability, and Mitigation Steps | Wiz