CVE-2025-23011

Name of the Vulnerable Software and Affected Versions Fedora Repository version 3.8.1

Description The issue allows path traversal when extracting uploaded archives, also known as "Zip Slip". A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request.

Recommendations For Fedora Repository version 3.8.1, migrate to a currently supported version, such as 6.5.1, to resolve the issue. As a temporary workaround, consider restricting access to the archive upload feature until the migration is complete. Additionally, avoid using the vulnerable archive extraction functionality until the issue is resolved by migrating to the supported version.