CVE-2025-48609

Name of the Vulnerable Software and Affected Versions MmsProvider.java (affected versions not specified)

Description A path traversal error exists in multiple functions within MmsProvider.java, potentially allowing arbitrary file deletion affecting telephony, SMS, and MMS functionalities. This could result in a local denial of service without requiring additional execution privileges or user interaction. The vulnerable code is located at '/api/v1/mmsProvider' and involves file handling operations. The issue stems from insufficient validation of file paths, enabling an attacker to traverse directories and delete critical system files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.