PT-2025-9700 · Softwarex · Softwarex

Published: 2025-03-04 · Updated: 2025-04-02 · CVE-2025-24494

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 6.7.0

Description: The issue allows path traversal, which may enable remote code execution. Exploitation requires a privileged device admin account and cannot be performed by a regular user. In combination with the 'Upload' functionality, it could be used to execute an arbitrary script or possibly an uploaded binary.

Recommendations: For versions prior to 6.7.0, update to version 6.7.0 (released on 20-Oct-24) to resolve the issue. As a temporary workaround, consider restricting the use of the 'Upload' functionality until the update is applied.

Fix · RCE · Path traversal

Weakness Enumeration

Related Identifiers: CVE-2025-24494

Affected Products: Softwarex