PT-2026-35739 · Undefined · Undefined

Published

2026-04-28

Updated

2026-04-28

CVE-2025-67223

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII.

Exploit

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-377CWE-532

Related Identifiers

CVE-2025-67223

Affected Products

Undefined

PT-2026-35739 · Undefined · Undefined

CVE-2025-67223

Weakness Enumeration

Related Identifiers

Affected Products

References · 4