PT-2025-52458 · Takes · Takes

Xzzz111 · Published 2025-12-19 · Updated 2026-01-06 · CVE-2025-66905

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
Takes versions through 2.0-SNAPSHOT

Description
The Takes web framework’s TkFiles component does not properly sanitize HTTP request paths before using them to access the filesystem. This allows a remote attacker to use "../" sequences within the request path to bypass the intended base directory and potentially read arbitrary files from the system. The TkFiles take is the affected component.

Recommendations
Update to a version beyond 2.0-SNAPSHOT.
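
The base-directory containment check that the description says is missing, as an added example; it is not code from Takes or from this advisory. The class SafeFileResolver, its resolve method and the sample paths are hypothetical, and the request path is assumed to be percent-decoded already.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

// Hypothetical helper (not part of Takes): maps a request path to a file
// under a base directory and rejects anything that escapes it.
public final class SafeFileResolver {
    private final Path base;
    public SafeFileResolver(final String dir) {
        this.base = Paths.get(dir).toAbsolutePath().normalize();
    }

    // Assumes requestPath has already been percent-decoded by the caller.
    public Optional<Path> resolve(final String requestPath) {
        // Strip leading slashes so the request path is treated as relative.
        final String relative = requestPath.replaceFirst("^/+", "");
        final Path candidate;
        try {
            candidate = this.base.resolve(relative).normalize();
        } catch (final InvalidPathException ex) {
            return Optional.empty(); // e.g. embedded NUL character
        }
        // Lexical check: once "../" is collapsed, is it still under base?
        if (!candidate.startsWith(this.base)) {
            return Optional.empty();
        }
        // Symlink check: when the file exists, compare real paths as well.
        try {
            if (Files.exists(candidate)
                && !candidate.toRealPath().startsWith(this.base.toRealPath())) {
                return Optional.empty();
            }
        } catch (final IOException ex) {
            return Optional.empty();
        }
        return Optional.of(candidate);
    }

    public static void main(final String[] args) {
        final SafeFileResolver files = new SafeFileResolver("/var/www/static");
        // Constructed sample request paths.
        for (final String req : new String[] {"/css/site.css", "/../../etc/passwd", "/a/../b.txt"}) {
            System.out.println(req + " -> " + files.resolve(req).map(Path::toString).orElse("REJECTED"));
        }
    }
}
```

Path.startsWith compares whole path elements, so a sibling directory such as /var/www/static-old does not pass the check the way a string prefix comparison would allow.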

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2025-66905

Affected Products: Takes