CVE-2025-23410 · CRITICAL 9.8 · EPSS p44.5%

Description

When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.61% probability of exploitation · percentile 44.5% · 2026-06-18T12:00:27Z
Published: 2025-03-05
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-23

References

  1. https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07

Type: Weakness · Target: Relative Path Traversal (cwe-23) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-24924
  2. CVE-2025-3115
  3. CVE-2025-41735
  4. CVE-2025-3365
  5. CVE-2026-21628
  6. CVE-2025-55061

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.