CVE-2025-66386

CVSS v3.1

4.1

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.5.27

Description The software contains a path traversal flaw within the

EventReport

model when viewing pictures, potentially accessible to a site administrator. The issue resides in the

app/Model/EventReport.php

file.

Recommendations Update to version 2.5.27 or later.

Fix

Relative Path Traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2025-66386

Misp