CVE-2025-57403

Name of the Vulnerable Software and Affected Versions Cola Dnslog version 1.3.2

Description The application processes DNS queries for TXT records by concatenating the requested URL with a base path using os.path.join. This allows for directory traversal or absolute path injection. Successful exploitation could lead to the exposure of sensitive information. The vulnerable component is the processing of DNS TXT record queries.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.