PT-2025-40429 · Traccar · Traccar
Eddiez9 +1
Published 2025-10-02 · Updated 2025-12-03
CVE-2025-61666
CVSS v4.0 8.7 High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions
Traccar versions 5.8 through 6.0
Traccar versions 6.1 through 6.8.1
Description
Traccar, an open source GPS tracking system, has a flaw that allows unauthenticated local file inclusion attacks. This can result in the disclosure of passwords or any file on the file system, including the Traccar configuration file. Versions 5.8 through 6.0 are susceptible only if the configuration file includes <entry key='web.override'>./override</entry>. Versions 6.1 through 6.8.1 are vulnerable by default because the web override is enabled.
Recommendations
Update to version 6.9.0 or later.
For versions 5.8 through 6.0, ensure the <entry key='web.override'>./override</entry> setting is removed from the configuration file.
Exploit
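The following is an added example, not code from the advisory or the Traccar project: a small triage helper that applies the version ranges and the web.override condition stated above to an installed version string and its configuration XML. The config snippets are constructed for the example; the XML layout (a properties root with entry elements) is assumed.

```python
"""Added example (not from the advisory or Traccar): triage a Traccar install
for CVE-2025-61666 from its version string and its configuration XML."""
import xml.etree.ElementTree as ET

FIXED = (6, 9, 0)          # first version the advisory lists as fixed
DEFAULT_ON = (6, 1, 0)     # 6.1 through 6.8.1: web override enabled by default
CONDITIONAL = (5, 8, 0)    # 5.8 through 6.0: exposed only if web.override is set

# Constructed sample configs (assumed layout: properties root with entry elements).
SAMPLE_CONFIG = """<properties>
  <entry key='database.driver'>org.h2.Driver</entry>
  <entry key='web.override'>./override</entry>
</properties>"""
CLEAN_CONFIG = """<properties>
  <entry key='database.driver'>org.h2.Driver</entry>
</properties>"""


def parse_version(version):
    """'6.8.1' -> (6, 8, 1); '6.0' -> (6, 0, 0) so ranges compare as tuples."""
    parts = [int(p) for p in version.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def web_override(config_xml):
    """Return the value of <entry key='web.override'>, or None if absent.
    The config file is trusted local input; use defusedxml for untrusted XML."""
    root = ET.fromstring(config_xml)
    for entry in root.iter("entry"):
        if entry.get("key") == "web.override":
            return (entry.text or "").strip()
    return None


def assess(version, config_xml):
    """Classify as 'fixed', 'vulnerable', 'not-affected' or 'not-listed'
    following the ranges and the web.override condition in the advisory."""
    v = parse_version(version)
    if v >= FIXED:
        return "fixed"
    if v >= DEFAULT_ON:
        return "vulnerable"        # override on by default, config irrelevant
    if v >= CONDITIONAL:
        # Exposed only when the override entry is present in the config.
        return "vulnerable" if web_override(config_xml) is not None else "not-affected"
    return "not-listed"            # older than 5.8: outside the advisory's ranges
```

Run assess() against the version shown in the Traccar web UI and the deployed configuration file; a 'vulnerable' result for a 5.8 to 6.0 install is cleared by removing the web.override entry, and any 6.1 to 6.8.1 install needs the upgrade.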
Fix
Path traversal
Weakness Enumeration
Related identifiers
Affected products
Traccar