CVE-2025-32807

{"id": "CVE-2025-32807", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-04-11T00:15:27.777", "references": [{"url": "https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/blob/e9304844fb5c8ce4a9af9e26858af5e22e15b9bd/Changelog.md?plain=1#L112", "source": "cve@mitre.org"}, {"url": "https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/blob/e9304844fb5c8ce4a9af9e26858af5e22e15b9bd/include/class_IconTheme.inc#L233-237", "source": "cve@mitre.org"}, {"url": "https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/commit/9edefd0b367450d665a141c5e94db8a06d208556", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-24"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php."}, {"lang": "es", "value": " Una vulnerabilidad de path traversal en FusionDirectory anterior a 1.5 permite a atacantes remotos leer archivos arbitrarios en el host que terminan en .png (y .svg o .xpm para algunas configuraciones) a trav\u00e9s del par\u00e1metro de \u00edcono de una solicitud GET a geticon.php."}], "lastModified": "2025-04-11T15:39:52.920", "sourceIdentifier": "cve@mitre.org"}