CVE-2025-24960

Name of the Vulnerable Software and Affected Versions: Jellystat versions prior to 1.1.3

Description: Jellystat is a free and open source Statistics App for Jellyfin. In affected versions, Jellystat directly uses user input in the routes, which can lead to Path Traversal vulnerabilities. Although this functionality is only for administrators, the DELETE files/:filename command can be used to delete any file. This issue has been addressed in version 1.1.3.

Recommendations: For versions prior to 1.1.3, update to version 1.1.3 to fix the Path Traversal vulnerability. As a temporary workaround, consider restricting access to the DELETE files/:filename command until the update is applied.