PT-2025-9134 · Pwndoc · Pwndoc
Jorianwoltjer · Published 2025-02-28 · Updated 2025-04-15 · CVE-2025-27410
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
PwnDoc versions prior to 1.2.0
Description
The issue concerns the backup restore functionality, which is vulnerable to path traversal in the TAR entry's name. This allows an attacker to overwrite any file on the system with their content, potentially leading to Remote Code Execution as an administrator. The vulnerability can be exploited by overwriting an included .js file and restarting the container. It affects users with the backups:create and backups:update permissions, which by default are granted only to administrators.
Recommendations
For versions prior to 1.2.0, update to version 1.2.0 to resolve the issue. As a temporary workaround, consider restricting the backups:create and backups:update permissions to prevent potential exploitation. Additionally, avoid using the backup restore functionality until the update is applied.
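
One way to audit a backup archive's TAR entry names before restoring it, written in Node.js because PwnDoc's backend is Node.js. This is an added example, not PwnDoc's code or its 1.2.0 fix; the function names, the restore directory and the sample archive are constructed for illustration, and the check also rejects absolute names, which goes slightly beyond the relative traversal described above.

```javascript
const path = require('node:path');

// Return the resolved target for an entry, or null if it would land outside destDir.
function safeTarget(destDir, entryName) {
  const root = path.resolve(destDir);
  const target = path.resolve(root, entryName);
  return target === root || target.startsWith(root + path.sep) ? target : null;
}

// Walk the raw 512-byte TAR headers and collect entry names that escape destDir.
// Header checksums are not verified; this only audits names before extraction.
function findEscapingEntries(tarBuf, destDir) {
  const bad = [];
  let off = 0;
  while (off + 512 <= tarBuf.length) {
    const hdr = tarBuf.subarray(off, off + 512);
    if (hdr.every((b) => b === 0)) break; // end-of-archive block
    const field = (s, e) => hdr.toString('utf8', s, e).replace(/\0.*$/s, '');
    const prefix = field(257, 262) === 'ustar' ? field(345, 500) : '';
    const name = prefix ? `${prefix}/${field(0, 100)}` : field(0, 100);
    const size = parseInt(field(124, 136).trim(), 8) || 0;
    if (safeTarget(destDir, name) === null) bad.push(name);
    off += 512 + Math.ceil(size / 512) * 512; // skip header plus padded data
  }
  return bad;
}

// Constructed sample input: a minimal header (no checksum) plus padded data.
function tarEntry(name, content) {
  const hdr = Buffer.alloc(512);
  hdr.write(name, 0, 100);
  hdr.write(content.length.toString(8).padStart(11, '0'), 124);
  hdr.write('ustar', 257);
  const data = Buffer.alloc(Math.ceil(content.length / 512) * 512);
  data.write(content);
  return Buffer.concat([hdr, data]);
}

// Constructed archive; '/srv/restore' is a hypothetical restore directory.
const sampleArchive = Buffer.concat([
  tarEntry('data/audits.json', '[]'),
  tarEntry('data/../ok.txt', 'stays inside'),
  tarEntry('../../outside/file.js', 'x'),
  tarEntry('/tmp/absolute.txt', 'x'),
  Buffer.alloc(1024),
]);
console.log(findEscapingEntries(sampleArchive, '/srv/restore'));
```

Comparing against the root plus a trailing separator matters: a plain prefix match would accept a sibling directory whose name merely starts with the restore directory's name.
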
RCE
Path traversal
Relative Path Traversal
Affected Products
Pwndoc