Onedrive
CVE-2025-60722
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network.
AnalysisAI
Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Improper limitation of a pathname to a restricted directory ('path traversal') in OneDrive for Android allows an authorized attacker to elevate privileges over a network. Affected products include: Microsoft Onedrive.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to byp
Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is
An elevation of privilege vulnerability exists in Microsoft OneDrive that allows file deletion in arbitrary locations.To
Untrusted search path vulnerability in the installer of Microsoft OneDrive allows an attacker to gain privileges via a T
Untrusted search path vulnerability in Microsoft OneDrive allows an attacker to gain privileges via a Trojan horse DLL i
<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles s
<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles s
<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles s
Microsoft OneDrive for iOS Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability i
Microsoft OneDrive for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerabilit
Microsoft OneDrive for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerabilit
An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symb
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today