Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Gallery allows Path Traversal. This issue affects FW Gallery: from n/a through 8.0.0.
AnalysisAI
Path traversal vulnerability in Fastw3b LLC FW Gallery (versions through 8.0.0) that allows unauthenticated remote attackers to cause denial of service by manipulating file path parameters. The vulnerability has a high CVSS score of 8.6 due to its network accessibility and lack of authentication requirements, though impact is limited to availability rather than confidentiality or integrity. Specific KEV status, EPSS scores, and publicly available POC information cannot be confirmed from the provided data, warranting immediate vendor contact for patch availability and exploitation status.
Technical ContextAI
This vulnerability exploits improper input validation in file path handling mechanisms within FW Gallery, a web-based gallery application by Fastw3b LLC. The root cause falls under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), a classic path traversal flaw where user-supplied path input is not adequately sanitized before being used in file system operations. Attackers can craft malicious path parameters containing directory traversal sequences (e.g., '../', '..\') to access files and directories outside the intended restricted directory. The web-based nature (AV:N in CVSS vector) indicates the vulnerability is exploitable via standard HTTP requests without local access. The lack of required privileges (PR:N) and user interaction (UI:N) means exploitation requires no authentication or social engineering.
RemediationAI
Immediate remediation steps: (1) Upgrade FW Gallery to the latest patched version released by Fastw3b LLC (vendor contact required as patch version not specified in provided data); (2) If immediate patching is unavailable, implement input validation/sanitization in the application layer or via web application firewall (WAF) rules to reject or encode path traversal sequences ('../', '..\', URL-encoded variants like '%2e%2e/'); (3) Apply principle of least privilege to the web application's file system access—run the gallery application under a restricted user account with minimal directory permissions; (4) Disable directory listing and implement strict access controls on sensitive directories; (5) Monitor application logs for suspicious path traversal attempts (sequences with '..' or unusual path patterns); (6) Consider network segmentation to limit exposure of the FW Gallery application to trusted users only. Consult Fastw3b LLC's official security advisory and GitHub repository for patch downloads and detailed remediation guidance.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19226