Directory traversal vulnerability in EfficientIP's SOLIDserver IPAM
SOLIDserver IPAM, 8.2.3 version.
INCIBE has coordinated the publication of a medium-severity vulnerability affecting SOLIDserver IPAM by EfficientIP, a suite that offers highly scalable virtual and hardware appliances for critical DNS-DHCP-IPAM services. The vulnerability was discovered by Ramón Costales (dRaco).
This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:
- CVE-2025-41064: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N | CWE-22
The vulnerability has been fixed by EfficientIP team in version 8.4.1.
CVE-2025-41064: directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/ajax.php?action=sections/list/list'.For examplem setting the 'directory' parameter to '/' displays files outside the 'LOCAL:///' folder.
