CVE-2025-56427

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ComposioHQ version 0.7.20

Description A directory traversal issue exists in ComposioHQ version 0.7.20. This allows a remote attacker to potentially access sensitive information through the download file or dir function. The issue involves improper handling of file paths, potentially allowing access to files outside the intended directory.

Recommendations Update ComposioHQ to a newer version that addresses this issue. As a temporary workaround, restrict access to the download file or dir function until a patch is available.

Exploit

Fix

Path traversal

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-200

Related Identifiers

CVE-2025-56427

GHSA-3MWV-J45G-VP3W

Affected Products

Composiohq

CVE-2025-56427

Weakness Enumeration

Related Identifiers

Affected Products

References · 8