PT-2024-20695 · Xenforo · Xenforo

Egidio Romano · Published 2024-02-02 · Updated 2025-05-08 · CVE-2024-25006

CVSS v3.1: 8.1 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: XenForo versions prior to 2.2.14

Description: The issue allows directory traversal with write access by an authenticated user who has permission to administer styles. It can be triggered when a ZIP archive is used for Styles Import.

Recommendations: For versions prior to 2.2.14, update to version 2.2.14 or later to resolve the issue. As a temporary workaround, consider restricting the ability to administer styles and limiting the use of ZIP archives for Styles Import until a patch is applied.

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2024-25006

Affected Products: Xenforo