PT-2025-32243 · Tagfree · Tagfree X-Free Uploader Xfu

이우진

Published

2025-08-07

Updated

2025-08-07

CVE-2025-29865

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions TAGFREE X-Free Uploader XFU versions 1.0.1.0084 through 1.0.1.0085 TAGFREE X-Free Uploader XFU versions 2.0.1.0034 through 2.0.1.0035

Description The software contains a Path Traversal flaw that allows unauthorized access. The issue is due to an improper limitation of a pathname to a restricted directory.

Recommendations Update TAGFREE X-Free Uploader XFU to version 1.0.1.0085 or later. Update TAGFREE X-Free Uploader XFU to version 2.0.1.0035 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2025-29865

Affected Products

Tagfree X-Free Uploader Xfu

PT-2025-32243 · Tagfree · Tagfree X-Free Uploader Xfu

CVE-2025-29865

Weakness Enumeration

Related Identifiers

Affected Products

References · 5