PT-2025-45584 · Unknown · Openclinica Community Edition
Mikecole-Mg · Published 2025-11-10 · Updated 2025-12-02 · CVE-2025-12922
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenClinica Community Edition versions up to 3.12.2/3.13
Description
A path traversal issue exists in OpenClinica Community Edition. The issue affects the CRF Data Import component, specifically within the /ImportCRFData?action=confirm file. Manipulation of the xml file argument can lead to path traversal. The attack can be initiated remotely. The exploit has been made public.
Recommendations
Versions prior to 3.12.2/3.13 should be used.
Exploit
Fix
Path traversal
Affected Products
Openclinica Community Edition