CVE-2025-27920
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/05/2025
Last modified:
21/05/2025
Description
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:srimax:output_messenger:*:*:*:*:*:*:*:* | 2.0.63 (excluding) |
To consult the complete list of CPE names with products and versions, see this page