CVE-2025-5880

Name of the Vulnerable Software and Affected Versions Whistle version 2.9.98

Description A path traversal issue exists in the '/cgi-bin/sessions/get-temp-file' endpoint. The flaw allows for the manipulation of the filename argument to access files outside of the intended directory. Approximately 7 devices worldwide are potentially affected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/cgi-bin/sessions/get-temp-file' endpoint to minimize the risk of exploitation.