PT-2025-31806 · Ipx · Ipx
Dellalibera · Published 2025-08-04 · Updated 2025-10-09
CVE-2025-54387
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IPX versions 1.3.1 and below
IPX versions 2.0.0-0 through 2.1.0
IPX versions 3.0.0 through 3.1.0
Description
IPX, an image optimizer powered by sharp and svgo, is susceptible to a path prefix bypass when verifying if a path is within allowed directories. This occurs when the allowed directories do not end with a path separator, as the check relies on a raw string prefix comparison. This allows access to files outside of the intended directories.
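The prefix comparison described above, next to a check made on path-segment boundaries. This is an added illustration, not IPX's own code or its actual patch; the function names and the `/srv/images` layout are constructed for the example.

```javascript
const path = require("node:path");

// Pattern from the description: the resolved path is accepted if it
// merely starts with the allowed directory string.
function isAllowedPrefix(allowedDir, requested) {
  const resolved = path.posix.resolve(allowedDir, requested);
  return resolved.startsWith(allowedDir);
}

// Hardened form: normalise the base, then require that the relative path
// from base to target never climbs out ("..", or "../..." as first segment).
function isAllowedSegment(allowedDir, requested) {
  const base = path.posix.resolve(allowedDir);
  const resolved = path.posix.resolve(base, requested);
  const rel = path.posix.relative(base, resolved);
  return rel !== ".." && !rel.startsWith("../");
}

// Run both checks on the same input so the difference is visible.
function compare(allowedDir, requested) {
  return {
    prefix: isAllowedPrefix(allowedDir, requested),
    segment: isAllowedSegment(allowedDir, requested),
  };
}

// Constructed sample inputs: [allowed directory, requested path].
const cases = [
  ["/srv/images", "cat.png"],                    // inside the directory
  ["/srv/images", "../images-private/key.png"],  // sibling sharing the prefix
  ["/srv/images/", "../images-private/key.png"], // same, trailing separator set
  ["/srv/images", "../other/x.png"],             // sibling without the prefix
  ["/srv/images", "..thumbs/a.png"],             // legitimate name starting ".."
];

for (const [dir, req] of cases) {
  console.log(dir, req, compare(dir, req));
}
```

Only the second case differs between the two checks: the sibling directory `/srv/images-private` passes the string comparison because the configured directory has no trailing separator.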
Recommendations
IPX version 1.3.2 or later
IPX version 2.1.1 or later
IPX version 3.1.1 or later
Exploit
Fix
Path traversal
Affected Products
Ipx