PT-2025-11985 · Applio · Applio

Sylwia Budzynska

Publicado

2025-03-19

Atualizado

2025-03-20

CVE-2025-27785

CVSS v4.0

8.7

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Applio versions 3.2.8-bugfix and prior

Description The issue is related to arbitrary file read in the export index function of train.py. This may lead to reading arbitrary files on the Applio server. It can also be used in conjunction with blind server-side request forgery to read files from servers on the internal network that the Applio server has access to.

Recommendations For versions 3.2.8-bugfix and prior, as a temporary workaround, consider disabling the export index function in train.py until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200CWE-22

Identificadores relacionados

CVE-2025-27785

Produtos afetados

Applio

PT-2025-11985 · Applio · Applio

CVE-2025-27785

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11