CVE-2023-25803

Name of the Vulnerable Software and Affected Versions Roxy-WI versions prior to 6.3.5.0

Description The issue is related to a directory traversal vulnerability in the Roxy-WI web interface, which manages Haproxy, Nginx, Apache, and Keepalived servers. This vulnerability allows for the inclusion of server-side files. The problem is caused by incorrect restriction of the path name to a directory with limited access, which can be exploited by a remote attacker to gain unauthorized access to protected information.

Recommendations For versions prior to 6.3.5.0, update to version 6.3.5.0 to resolve the issue. As a temporary workaround, consider restricting access to sensitive server-side files until the update can be applied.