CVE-2025-46002
Severity CVSS v4.0:
Pending analysis
Type:
CWE-23
Relative Path Traversal
Publication date:
18/07/2025
Last modified:
22/07/2025
Description
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
References to Advisories, Solutions, and Tools
- https://github.com/simogeo/Filemanager
- https://github.com/simogeo/Filemanager/releases/tag/v1.7.0
- https://github.com/simogeo/Filemanager/releases/tag/v1.8.0
- https://github.com/simogeo/Filemanager/releases/tag/v2.0.0
- https://github.com/simogeo/Filemanager/releases/tag/v2.1.0
- https://github.com/simogeo/Filemanager/releases/tag/v2.2.0
- https://github.com/simogeo/Filemanager/releases/tag/v2.3.0
- https://github.com/zakumini/CVE-List/blob/main/CVE-2025-46002/CVE-2025-46002.md
- https://www.exploit-db.com/exploits/38945