PT-2025-30426 · Aim · Aim

Geckosecurity · Published 2025-07-22 · Updated 2025-07-22 · CVE-2025-51463

CVSS v3.1: 7.0 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

AIM version 3.28.0

Description

A path traversal issue exists in the restore_run_backup() function. This allows remote attackers to write arbitrary files to the server's filesystem by submitting a crafted backup tar file to the run instruction API. The submitted file is extracted without proper path validation during the restoration process.

Recommendations

Ensure that the run instruction API does not process untrusted backup tar files.
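
The path validation that the description says is missing can look like the following. This is an added example, not code from Aim or from the advisory; `safe_extract_backup`, `UnsafeArchiveError` and `build_tar` are hypothetical names, and the archive contents are constructed sample input.

```python
import io
import os
import shutil
import tarfile


class UnsafeArchiveError(Exception):
    """A backup archive holds an entry that must not be extracted."""


def safe_extract_backup(fileobj, dest_dir):
    """Extract a tar backup into dest_dir; reject entries that resolve outside it.

    Hypothetical helper for illustration, not a function from the Aim code base.
    """
    root = os.path.realpath(dest_dir)
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        members = tar.getmembers()
        for m in members:
            # Links and device nodes can redirect later writes; allow only
            # regular files and directories.
            if not (m.isfile() or m.isdir()):
                raise UnsafeArchiveError(f"unsupported entry type: {m.name!r}")
            target = os.path.realpath(os.path.join(root, m.name))
            # Absolute names and ../ sequences both fail this containment test.
            if os.path.commonpath([root, target]) != root:
                raise UnsafeArchiveError(f"entry escapes destination: {m.name!r}")
        # Everything was validated first, so a rejected archive writes nothing.
        for m in members:
            target = os.path.join(root, m.name)
            if m.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(m) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
    return [m.name for m in members]


def build_tar(entries):
    """Constructed sample input: an in-memory tar from (name, bytes) pairs."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

Because every member is checked before any file is written, an archive with one bad entry is rejected as a whole and leaves the destination untouched.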

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-51463

Affected Products

Aim