CVE-2025-27590

9.0

Critical

Published:3 Mar 2025

Last updated:17 Jun 2026

Source:cve@mitre.org

Analyzed

Weakness (CWE)

CWE-22Path Traversal

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.

References

cve@mitre.org

https://github.com/ytti/oxidized-web/commit/a5220a0ddc57b85cd122bffee228d3ed4901668e

cve@mitre.org

https://github.com/ytti/oxidized-web/releases/tag/0.15.0