CVE-2025-59099

Name of the Vulnerable Software and Affected Versions CompactWebServer (affected versions not specified)

Description The Access Manager utilizes CompactWebServer, a web server written in C#, which contains a path traversal flaw. This allows an attacker to access files through GET requests without authentication. Specifically, the SQLite database Database.sq3, containing badge information and PIN codes, can be retrieved. Repeated requests to certain files can cause the web server to crash, leading to a denial of service lasting approximately 60 seconds. The vulnerability allows direct file access via simple GET requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.