PT-2025-30426 · Aim · Aim

Geckosecurity · Published 2025-07-22 · Updated 2025-07-22 · CVE-2025-51463

CVSS v3.1: 7.0 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

AIM version 3.28.0

Description

A path traversal issue exists in the restore_run_backup() function. This allows remote attackers to write arbitrary files to the server's filesystem by submitting a crafted backup tar file to the run instruction API. The submitted file is extracted without proper path validation during the restoration process.

Recommendations

Ensure that the run instruction API does not process untrusted backup tar files.
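
The path validation the description says is missing can look like the following added Python example. It is not Aim's code or its fix; `safe_restore`, `build_archive` and `UnsafeArchiveError` are hypothetical names, and the sample archives are constructed in memory. Every member is checked before anything is written, so a rejected archive leaves the restore directory untouched.

```python
import io
import os
import tarfile


class UnsafeArchiveError(Exception):
    """Raised when a backup archive contains a member that must not be extracted."""


def _resolved_inside(base: str, name: str) -> bool:
    # Resolve where the member would land and require it to stay under base.
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, name))
    return os.path.commonpath([base_real, target]) == base_real


def safe_restore(archive: bytes, dest: str) -> list[str]:
    """Validate all members first, then write; nothing is written on failure."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        members = tar.getmembers()
        for m in members:
            # Links, devices and FIFOs have no place in a run backup.
            if not (m.isfile() or m.isdir()):
                raise UnsafeArchiveError(f"unsupported member type: {m.name!r}")
            if os.path.isabs(m.name) or not _resolved_inside(dest, m.name):
                raise UnsafeArchiveError(f"path escapes restore dir: {m.name!r}")
        for m in members:
            target = os.path.join(dest, m.name)
            if m.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(m) as src, open(target, "wb") as out:
                out.write(src.read())
        return [m.name for m in members]


def build_archive(entries: dict[str, bytes]) -> bytes:
    """Constructed sample input: an in-memory tar with the given member names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```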

Exploit

Fix

Path traversal

Weakness Enumeration

Related identifiers

CVE-2025-51463

Affected products

Aim