CVE-2025-27920: Directory Traversal Vulnerability

Published: 2024-12-25
Title: Directory Traversal Vulnerability
Impact: Unauthorized file access and potential remote code execution
Affected Versions: All versions earlier than V2.0.63
Fixed Version: V2.0.63


Description

A directory traversal vulnerability was identified in Output Messenger version V2.0.62. This vulnerability allows remote attackers to access or execute arbitrary files by manipulating file paths with `../` sequences. By exploiting this flaw, attackers can navigate outside the intended directory, potentially exposing or modifying sensitive files on the server.

Attackers could access configuration files, sensitive user data, or even source code. Depending on the file contents, this could lead to further exploitation, including remote code execution.
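As an added illustration (not Output Messenger's code and not the fix shipped in V2.0.63), the Python sketch below contrasts a naive path join with a containment check of the kind that blocks `../` traversal. The function names, the `files` directory layout and the sample names are all constructed for this example.

```python
import os
import tempfile

class TraversalError(ValueError):
    """The client-supplied name resolves outside the permitted directory."""

def naive_resolve(base_dir, client_name):
    # Vulnerable pattern: the name is joined as received, so "../" climbs out.
    return os.path.normpath(os.path.join(base_dir, client_name))

def safe_resolve(base_dir, client_name):
    """Return the canonical path of client_name under base_dir, else raise."""
    if "\x00" in client_name:
        raise TraversalError("NUL byte in name")
    # Treat "\" as a separator on every platform so "..\" is handled like "../".
    name = client_name.replace("\\", "/")
    if name.startswith("/") or name[1:2] == ":":
        raise TraversalError("absolute path or drive letter")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the containment test.
    target = os.path.realpath(os.path.join(base, name))
    # commonpath compares whole components; a startswith() test would wrongly
    # accept a sibling such as <root>/files_old for base <root>/files.
    if os.path.commonpath([base, target]) != base:
        raise TraversalError("resolves outside base directory")
    return target

def demo():
    """Constructed sample names -> True if safe_resolve accepts, False if not."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "files")
    os.makedirs(base)
    os.makedirs(os.path.join(root, "files_old"))
    samples = ["report.pdf", "sub/../report.pdf", "../files_old/x.txt",
               "../../etc/passwd", "..\\..\\config.ini", "/etc/passwd",
               "C:\\Windows\\win.ini"]
    verdicts = {}
    for name in samples:
        try:
            safe_resolve(base, name)
            verdicts[name] = True
        except TraversalError:
            verdicts[name] = False
    return verdicts

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'accept' if ok else 'reject'}  {name!r}")
```

Only the two names that stay inside the base directory are accepted; the sibling-directory case shows why the comparison is done on whole path components after canonicalization.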

Impact

Successful exploitation of this vulnerability can have severe consequences, including:

  • Unauthorized access to sensitive files (e.g., configuration files, source code)
  • Potential remote code execution if sensitive files are executed
  • Exposure of private information or system configurations

Important: Attackers can potentially exploit this vulnerability to gain unauthorized access to critical system files, leading to further compromise of the affected system.

Fixed Version

This issue has been resolved in Output Messenger version V2.0.63. All users are urged to upgrade to this version to prevent exploitation of this vulnerability.

Acknowledgments

We thank Microsoft Security Response Center for identifying and responsibly disclosing this vulnerability.