PT-2025-52459 · Unknown · Eve-Ng 6.4.0-13-Pro
Xunmint
·
Published
2025-12-19
·
Updated
2025-12-22
·
CVE-2025-67442
CVSS v3.1
7.6
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
EVE-NG version 6.4.0-13-PRO
Description
The software contains a directory traversal issue in the
/api/export interface. This interface, used by authenticated users to export lab files, does not properly validate or filter user-supplied file path parameters. This could allow unauthorized access to files outside the intended directory. The vulnerable parameter is the file path submitted by users.Recommendations
Apply input validation and filtering to the file path parameter in the
/api/export interface to prevent directory traversal.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eve-Ng 6.4.0-13-Pro