Skip to main content

Fastw3b LLC FW Gallery CVE-2025-49415

| EUVDEUVD-2025-19226 HIGH
Path Traversal (CWE-22)
2025-06-17 audit@patchstack.com
8.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 23, 2026 - 15:42 vuln.today
cvss_changed
EUVD ID Assigned
Mar 14, 2026 - 22:15 euvd
EUVD-2025-19226
Analysis Generated
Mar 14, 2026 - 22:15 vuln.today
CVE Published
Jun 17, 2025 - 15:15 nvd
HIGH 8.6

DescriptionCVE.org

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Gallery allows Path Traversal. This issue affects FW Gallery: from n/a through 8.0.0.

AnalysisAI

Path traversal vulnerability in Fastw3b LLC FW Gallery (versions through 8.0.0) that allows unauthenticated remote attackers to cause denial of service by manipulating file path parameters. The vulnerability has a high CVSS score of 8.6 due to its network accessibility and lack of authentication requirements, though impact is limited to availability rather than confidentiality or integrity. Specific KEV status, EPSS scores, and publicly available POC information cannot be confirmed from the provided data, warranting immediate vendor contact for patch availability and exploitation status.

Technical ContextAI

This vulnerability exploits improper input validation in file path handling mechanisms within FW Gallery, a web-based gallery application by Fastw3b LLC. The root cause falls under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), a classic path traversal flaw where user-supplied path input is not adequately sanitized before being used in file system operations. Attackers can craft malicious path parameters containing directory traversal sequences (e.g., '../', '..\') to access files and directories outside the intended restricted directory. The web-based nature (AV:N in CVSS vector) indicates the vulnerability is exploitable via standard HTTP requests without local access. The lack of required privileges (PR:N) and user interaction (UI:N) means exploitation requires no authentication or social engineering.

RemediationAI

Immediate remediation steps: (1) Upgrade FW Gallery to the latest patched version released by Fastw3b LLC (vendor contact required as patch version not specified in provided data); (2) If immediate patching is unavailable, implement input validation/sanitization in the application layer or via web application firewall (WAF) rules to reject or encode path traversal sequences ('../', '..\', URL-encoded variants like '%2e%2e/'); (3) Apply principle of least privilege to the web application's file system access—run the gallery application under a restricted user account with minimal directory permissions; (4) Disable directory listing and implement strict access controls on sensitive directories; (5) Monitor application logs for suspicious path traversal attempts (sequences with '..' or unusual path patterns); (6) Consider network segmentation to limit exposure of the FW Gallery application to trusted users only. Consult Fastw3b LLC's official security advisory and GitHub repository for patch downloads and detailed remediation guidance.

Share

CVE-2025-49415 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy