CVE-2025-2305 · HIGH 8.6 · EPSS p24.2%

Description

A path traversal vulnerability was identified in the file download functionality. It allows unauthenticated users to download arbitrary files from the Linux server, in the context of the application server.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.33% probability of exploitation · percentile 24.2% · 2026-06-18T12:00:27Z
Published: 2025-05-16
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-20

References

  1. https://www.cirosec.de/sa/sa-2025-003

Type: Weakness · Target: Improper Input Validation (cwe-20) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-3365
  2. CVE-2026-29205
  3. CVE-2025-57790
  4. CVE-2025-24937
  5. CVE-2026-21628
  6. CVE-2025-62630

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.