PT-2026-22784 · Zdir Pro · Zdir Pro
Published: 2026-03-03 · Updated: 2026-03-04 · CVE-2025-66945
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Zdir Pro versions 4.x
Description
A path traversal issue exists in the ZIP extraction functionality of Zdir Pro. Processing a specially crafted ZIP archive via the backend endpoint /api/extract can allow files to be written outside the intended directory. This could lead to arbitrary file overwrites and potentially remote code execution. The vulnerable component is the ZIP extraction API, exposed at /api/extract.
Recommendations
Apply updates to address the path traversal issue in the ZIP extraction functionality.
Exploit
Fix
RCE
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Zdir Pro