PT-2025-49810 · Jmri · Jmri
Titan Team · Published 2025-12-09 · Updated 2025-12-09
CVE-2025-14311
CVSS v4.0: 6.8 (Medium)
Vector: AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
JMRI versions prior to 5.13.3
Description
A flaw exists in JMRI related to improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' issue. This could allow unauthorized access to files or directories. There is no information about the number of potentially affected devices or any real-world incidents where this issue was exploited. The vulnerability involves manipulating file paths to access resources outside the intended directory.
Recommendations
Update JMRI to version 5.13.3 or later.
Fix
Path traversal
Affected Products
Jmri