CVE-2025-69601

Name of the Vulnerable Software and Affected Versions 66biolinks version 44.0.0

Description A directory traversal issue exists in the “Static Sites” feature. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences (e.g., ../) in ZIP entries to write files outside the intended extraction directory. This allows static files (html, js, css, images) file write to unintended locations, or overwriting existing HTML files, potentially leading to content defacement and, in certain deployments, further impact if sensitive files are overwritten. A directory traversal sequence is a method used to access files and directories outside of the intended root directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.