CVE-2025-27920

Name of the Vulnerable Software and Affected Versions Output Messenger versions prior to 2.0.63

Description The issue is a directory traversal vulnerability that allows attackers to access sensitive files outside the intended directory by using ../ sequences in parameters. This could lead to configuration leakage or arbitrary file access. A threat group linked to Turkey, Marbled Dust, has been exploiting this vulnerability to spy on Kurdish military in Iraq. The exploitation techniques include DNS hijacking and typosquatting. The vulnerability has been used to deploy malicious files, backdoor Output Messenger servers, and steal sensitive data.

Recommendations For Output Messenger versions prior to 2.0.63, update to version 2.0.63 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation. Additionally, be cautious when using parameters that could be used for directory traversal attacks, such as those containing ../ sequences.