VariantIncomplete

CWE-44Path Equivalence: 'file.name' (Internal Dot)

Category: other

Description

The product accepts path input in the form of internal dot ('file.ordir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Common consequences· 1

  • Confidentiality / Integrity — Read Files or Directories, Modify Files or Directories

References

  1. https://cwe.mitre.org/data/definitions/44.html

(incoming)2

TypeTargetConfidenceTier
VulnerabilityApache Tomcat Path Equivalence Vulnerabilitycve-2025-248130%live
KEVEntryApache Tomcat Path Equivalence Vulnerabilitykev-cve-2025-248130%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Path Equivalence: 'file...name' (Multiple Internal Dot)
CWE
Path Equivalence: 'filename.' (Trailing Dot)
CWE
Path Equivalence: 'filename....' (Multiple Trailing Dot)
CWE
Path Equivalence: '/./' (Single Dot Directory)
CWE
Path Equivalence: 'file name' (Internal Whitespace)
CWE
Path Equivalence: 'filedir*' (Wildcard)
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.