PT-2025-38226 · Unknown · Cisa Thorium
Published: 2025-09-16 · Updated: 2026-03-10 · CVE-2025-35430
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
CISA Thorium versions prior to 1.1.2
Description
The software does not properly validate file paths when files are downloaded using the 'download ephemeral' and 'download children' functions. This could allow a remote attacker who is already authenticated to read files they should not have access to, limited by the file system's permissions. The vulnerable functions are download ephemeral and download children.
Recommendations
Update to version 1.1.2 or later.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Cisa Thorium