PT-2025-44397 · Tftpsync · Ftpsync

Paolo Perego · Published 2025-10-28 · Updated 2025-10-30 · CVE-2025-53880

CVSS v4.0: 8.7 (High)

Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

tftpsync (affected versions not specified)

Description

A path traversal flaw exists in the tftpsync/add and tftpsync/delete scripts. A remote attacker on an adjacent network can potentially write or delete files on the filesystem with the privileges of the wwwrun user. Access to the affected scripts is restricted to a list of allowed IP addresses, and the scripts are unauthenticated. The vulnerability involves manipulating file paths to access resources outside the intended directory.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
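
A containment check of the kind that closes this class of flaw in add and delete handlers, as an added example: it is not the tftpsync code or a vendor fix. Python, the `tftpboot` root, and all function names are assumptions made for illustration, and the input names are constructed.

```python
import os
import tempfile

# Hypothetical names throughout; nothing here is taken from the tftpsync scripts.
class PathEscape(ValueError):
    """Requested name resolves outside the sync root."""

def resolve_inside(root: str, requested: str) -> str:
    """Return the absolute path for `requested` under `root`, or raise PathEscape."""
    root_real = os.path.realpath(root)
    # os.path.join discards the root when the second argument is absolute.
    if "\x00" in requested or os.path.isabs(requested):
        raise PathEscape(requested)
    # realpath collapses ".." and follows symlinks, so a link inside the
    # root that points elsewhere is caught as well.
    target = os.path.realpath(os.path.join(root_real, requested))
    if target == root_real or os.path.commonpath([root_real, target]) != root_real:
        raise PathEscape(requested)
    return target

def add_file(root: str, requested: str, data: bytes) -> str:
    target = resolve_inside(root, requested)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return target

def delete_file(root: str, requested: str) -> str:
    target = resolve_inside(root, requested)
    os.remove(target)
    return target

def demo() -> dict:
    """Run constructed names through add_file; map each to 'ok' or 'rejected'."""
    names = ["pxelinux.cfg/default", "../outside", "/abs/outside",
             "a/../../outside", "link/outside"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "tftpboot")
        os.mkdir(root)
        os.symlink(tmp, os.path.join(root, "link"))  # constructed link out of root
        for name in names:
            try:
                add_file(root, name, b"constructed sample\n")
                results[name] = "ok"
            except PathEscape:
                results[name] = "rejected"
        results["outside_written"] = os.path.exists(os.path.join(tmp, "outside"))
    return results
```

The check and the file operation are separate steps, so the sync root should be writable only by the service account; otherwise a symlink swapped in between the two defeats the check.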

Weakness Enumeration

Related Identifiers

CVE-2025-53880
SUSE-SU-2025:3827-1

Affected Products

Ftpsync