CVE-2025-66945 · CRITICAL 9.1 · EPSS p40.5%

Description

A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.53% probability of exploitation · percentile 40.5% · 2026-06-21T12:00:28Z
Published: 2026-03-03
Last modified: 2026-03-04

Underlying weaknesses · 1

CWE-787

References

  1. https://github.com/kaliworld/Zdir-Pro-Zip-slip-vulnerability/
  2. https://zeroday.endlessparadox.com/posts/cve-2025-66945/

Type | Target | Confidence | Tier
Weakness | Out-of-bounds Write (cwe-787) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-65346
CVE-2025-0851
CVE-2025-69874
CVE-2025-15132
CVE-2025-3485
CVE-2025-15133

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.