CVE-2025-55295

Name of the Vulnerable Software and Affected Versions: qBit Manage versions prior to 4.5.4

Description: A path traversal vulnerability exists in qBit Manage's web API that allows authenticated users to read arbitrary files from the server filesystem. The vulnerability is located in the restore config from backup API endpoint. Attackers can bypass directory restrictions and read arbitrary files by manipulating the backup id parameter with path traversal sequences (e.g., ../).

Recommendations: Update to version 4.5.4 or later.