CVE-2025-23011

Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/fcrepo-exts/migration-utils
https://github.com/fcrepo/fcrepo/releases
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-021-01.json

Configurations

No configuration.

History

03 Feb 2025, 20:15

Type	Values Removed	Values Added
Summary		(es) Fedora Repository 3.8.1 permite Path Traversal al extraer archivos cargados ("Zip Slip"). Un atacante remoto autenticado puede cargar un archivo manipulado especial que extraerá un archivo JSP arbitrario a una ubicación que se puede ejecutar mediante una solicitud GET no autenticada. El repositorio de Fedora 3.8.1 se lanzó el 11 de junio de 2015 y ya no se mantiene. Migre a una versión compatible actualmente (6.5.1 a partir del 23 de enero de 2025).

23 Jan 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-23 21:15

Updated : 2025-02-03 20:15

NVD link : CVE-2025-23011

Mitre link : CVE-2025-23011

CVE.ORG link : CVE-2025-23011

JSON object : View

Products Affected

No product.

CWE

CWE-23

Relative Path Traversal

{"id": "CVE-2025-23011", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725"}], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 8.7, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "LOW", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2025-01-23T21:15:15.010", "references": [{"url": "https://github.com/fcrepo-exts/migration-utils", "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://github.com/fcrepo/fcrepo/releases", "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-021-01.json", "source": "9119a7d8-5eab-497f-8521-727c672e3725"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "description": [{"lang": "en", "value": "CWE-23"}]}], "descriptions": [{"lang": "en", "value": "Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives (\"Zip Slip\"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23)."}, {"lang": "es", "value": "Fedora Repository 3.8.1 permite Path Traversal al extraer archivos cargados (\"Zip Slip\"). Un atacante remoto autenticado puede cargar un archivo manipulado especial que extraer\u00e1 un archivo JSP arbitrario a una ubicaci\u00f3n que se puede ejecutar mediante una solicitud GET no autenticada. El repositorio de Fedora 3.8.1 se lanz\u00f3 el 11 de junio de 2015 y ya no se mantiene. Migre a una versi\u00f3n compatible actualmente (6.5.1 a partir del 23 de enero de 2025)."}], "lastModified": "2025-02-03T20:15:36.823", "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725"}