ZendTo · ZendTo · CVE-2025-34508
**Name of the Vulnerable Software and Affected Versions**
ZendTo versions 6.15 through 7
ZendTo version 6.15-8 (fixed version)
**Description**
A path traversal vulnerability exists in the file dropoff functionality of ZendTo. This flaw allows attackers to bypass security controls to access or modify sensitive information of other users, retrieve files on the host system, or cause a denial of service. The vulnerability arises from insufficient validation of user input, specifically the `chunkName` and `tmp_name` parameters, during file processing.
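The kind of validation whose absence the description points to can be enforced as follows in PHP, the language ZendTo is written in. This is an added example, not ZendTo's code or its patch; the function names, the permitted chunk-name alphabet and the directory layout are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names and directory layout; not ZendTo's code.

/** Accept only a short token from a fixed alphabet: no separators, dots or NUL bytes. */
function validChunkName(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9]{1,64}\z/', $name) === 1;
}

/** Build the chunk path and confirm it resolves inside $chunkDir; null on any failure. */
function chunkPath(string $chunkDir, string $chunkName): ?string
{
    if (!validChunkName($chunkName)) {
        return null;
    }
    $base = realpath($chunkDir);
    if ($base === false) {
        return null;
    }
    $candidate = $base . DIRECTORY_SEPARATOR . $chunkName;
    // The file may not exist yet, so resolve its parent directory and compare with the base.
    $parent = realpath(dirname($candidate));
    return ($parent === $base) ? $candidate : null;
}

/** Take the temp path only from PHP's own upload record, never from a request field. */
function uploadedTempPath(array $fileEntry): ?string
{
    $tmp = $fileEntry['tmp_name'] ?? null;
    if (($fileEntry['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_string($tmp)) {
        return null;
    }
    // is_uploaded_file() is true only for files PHP received via HTTP POST in this request.
    return is_uploaded_file($tmp) ? $tmp : null;
}

// Constructed sample inputs for the chunk-name check.
$dir = sys_get_temp_dir();
foreach (['a1B2c3', '../../etc/passwd', 'x/y', "ok\0.php", ''] as $name) {
    $verdict = chunkPath($dir, $name) === null ? 'rejected' : 'accepted';
    printf("%-22s %s\n", json_encode($name), $verdict);
}
// Constructed entry whose path PHP did not receive as an upload in this request.
var_dump(uploadedTempPath(['tmp_name' => '/etc/passwd', 'error' => UPLOAD_ERR_OK]));
```

In a real handler, `uploadedTempPath()` would be given an entry from `$_FILES`, and the file would then be moved with `move_uploaded_file()`, which repeats the upload check itself.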
**Recommendations**
ZendTo versions prior to 6.15-8: Upgrade to version 6.15-8 or later to address this vulnerability.