CVE-2025-5993
CVE-2025-5993
9.2
CriticalPublished:
Last updated:
Source:cvd@cert.pl
Deferred
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- None
- Availability (Vulnerable)
- None
- Confidentiality (Subsequent)
- High
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process.
References
cvd@cert.pl
https://cert.pl/posts/2025/07/CVE-2025-5993cvd@cert.pl
https://itcube.pl/modul-crm