CVE-2025-25224

Name of the Vulnerable Software and Affected Versions: LuxCal Web Calendar versions prior to 5.3.3M (MySQL version) LuxCal Web Calendar versions prior to 5.3.3L (SQLite version)

Description: The issue concerns a missing authentication vulnerability in the dloader.php file. This vulnerability can be exploited to obtain arbitrary files on a server.

Recommendations: For versions prior to 5.3.3M (MySQL version), update to version 5.3.3M or later. For versions prior to 5.3.3L (SQLite version), update to version 5.3.3L or later. As a temporary workaround, consider restricting access to the dloader.php file until a patch is applied.