CVE-2023-25804

Name of the Vulnerable Software and Affected Versions Roxy-WI versions prior to 6.3.5.0

Description The issue is related to a limited path traversal vulnerability in the Roxy-WI web interface, which can be exploited by a remote attacker to gain unauthorized access to protected information. This vulnerability allows an SSH key to be saved into an unintended location, such as the /tmp folder, using a payload like ../../../../../tmp/test111 dev.

Recommendations For versions prior to 6.3.5.0, update to version 6.3.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable web interface until the update is applied. Avoid using the vulnerable functionality to save SSH keys to unintended locations until the issue is resolved.