CVE-2025-27920

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/05/2025
Last modified:
21/05/2025

Description

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:srimax:output_messenger:*:*:*:*:*:*:*:* 2.0.63 (excluding)