PT-2025-38226 · Cisa · Thorium

Published

2025-09-17

Updated

2025-09-17

CVE-2025-35430

CVSS v3.1

5.0

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CISA Thorium does not adequately validate the paths of downloaded files via 'download ephemeral' and 'download children'. A remote, authenticated attacker could access arbitrary files subject to file system permissions. Fixed in 1.1.2.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2025-35430

Affected Products

Thorium

PT-2025-38226 · Cisa · Thorium

Weakness Enumeration

Related Identifiers

Affected Products

References · 5