ITCube · ITCube CRM · CVE-2025-5993
Name of the Vulnerable Software and Affected Versions:
ITCube CRM versions 2023.2 through 2025.2
Description:
ITCube CRM is vulnerable to path traversal. An unauthenticated remote attacker can craft values for the `fileName` parameter that cause the application to return any file readable by the web server process.
Recommendations:
For ITCube CRM versions 2023.2 through 2025.2, sanitize or restrict the `fileName` parameter to prevent path traversal attempts.
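One way to restrict a `fileName`-style parameter, shown as an added example in Python; it is not ITCube's code, and the product's own stack is not stated in this advisory. The names `resolve_download`, `UnsafeFileName` and `check_samples`, the download root and all sample values are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote

class UnsafeFileName(ValueError):
    """Raised when a requested name would resolve outside the download root."""

def resolve_download(root: Path, file_name: str) -> Path:
    """Map an untrusted fileName value to a regular file inside root, or raise."""
    # Assumption: the framework already URL-decoded the value once, so anything
    # that still decodes further is double-encoded and is refused, not decoded.
    if not file_name or "\x00" in file_name or unquote(file_name) != file_name:
        raise UnsafeFileName("empty, NUL or percent-encoded name")
    # Treat both separator styles as separators, whatever the host OS is.
    parts = file_name.replace("\\", "/").split("/")
    if any(p in ("", ".", "..") or ":" in p for p in parts):
        raise UnsafeFileName("absolute path, dot segment or drive/stream marker")
    root_real = root.resolve(strict=True)
    candidate = root_real.joinpath(*parts).resolve()  # follows symlinks
    # Containment is checked on the resolved path, which catches symlink escapes.
    if root_real not in candidate.parents:
        raise UnsafeFileName("resolved path leaves the download root")
    if not candidate.is_file():
        raise UnsafeFileName("not a regular file")
    return candidate

def check_samples() -> dict:
    """Run constructed fileName values against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root = base / "downloads"
        (root / "invoices").mkdir(parents=True)
        (root / "invoices" / "2025-01.pdf").write_text("ok")
        (base / "secret.cfg").write_text("outside root")
        os.symlink(base / "secret.cfg", root / "link.cfg")  # symlink out of root
        samples = ["invoices/2025-01.pdf", "../secret.cfg", "..\\secret.cfg",
                   "invoices/../../secret.cfg", "/secret.cfg", "%2e%2e/secret.cfg", "link.cfg"]
        for name in samples:
            try:
                resolve_download(root, name)
                results[name] = "served"
            except UnsafeFileName as exc:
                results[name] = f"refused: {exc}"
    return results

if __name__ == "__main__":
    for name, outcome in check_samples().items():
        print(f"{name!r:32} {outcome}")
```

Refusals are worth logging with the source address: repeated refused `fileName` values from one client are a usable detection signal for traversal probing.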