Skip to main content

EUVDEUVD-2025-17492

| CVE-2025-31050 HIGH
Path Traversal (CWE-22)
2025-06-09 audit@patchstack.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Re-analysis Queued
Apr 23, 2026 - 15:42 vuln.today
cvss_changed
EUVD ID Assigned
Mar 14, 2026 - 19:21 euvd
EUVD-2025-17492
Analysis Generated
Mar 14, 2026 - 19:21 vuln.today
CVE Published
Jun 09, 2025 - 16:15 nvd
HIGH 7.5

DescriptionCVE.org

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through 2.5.

AnalysisAI

Path traversal vulnerability in Apptha Slider Gallery versions up to 2.5 that allows unauthenticated remote attackers to read arbitrary files from the affected server by manipulating pathname parameters. The vulnerability has a CVSS score of 7.5 (High) with network-based attack vector requiring no privileges or user interaction, enabling confidentiality compromise of sensitive server files. Current KEV and EPSS status information is not provided in available sources, but the ease of exploitation (AC:L) and absence of authentication requirements significantly elevate real-world risk.

Technical ContextAI

This vulnerability is rooted in CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), a classic input validation flaw where user-supplied path parameters are not properly sanitized before file access operations. The Apptha Slider Gallery WordPress plugin fails to implement adequate path canonicalization or whitelist-based directory restrictions, allowing attackers to traverse directory structures using sequences such as '../' or similar path manipulation techniques. The vulnerability affects the plugin's file retrieval mechanisms, likely in image serving or configuration file access functions that process user input without validating against a restricted base directory. CPE identifier for the affected component is wp:apptha_slider_gallery, indicating this is a WordPress plugin vulnerability with web-based attack surface.

Share

EUVD-2025-17492 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy