CWE-22

Exploit likelihood: High

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Parent: CWE-706 - Use of Incorrectly-Resolved Name or Reference

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

9,130 vulnerabilities with CWE-22
CVE-2025-14965 MEDIUM
1541492390c yougou-mall - Path Traversal
CVSS 5.5
CVE-2025-67442 HIGH
EVE-NG 6.4.0-13-PRO - Authenticated Directory Traversal via Export API
CVSS 7.6
CVE-2025-66905 HIGH
Takes TkFiles <2.0-SNAPSHOT - Path Traversal
CVSS 7.5
CVE-2025-14910 MEDIUM
Edimax BR-6208AC 1.02 - Path Traversal in FTP Daemon Service
CVSS 4.3
CVE-2025-68398 CRITICAL
Weblate < 5.15.1 - Path Traversal via Git Configuration Overwrite
CVSS 9.1
CVE-2025-68279 HIGH
Weblate < 5.15.1 - Path Traversal via Crafted Symbolic Links
CVSS 7.7
CVE-2025-34452 HIGH
Streama 1.10.0-1.10.5 Path Traversal & SSRF via Subtitle Download
CVE-2025-67653 MEDIUM
Advantech WebAccess/SCADA - Path Traversal
CVSS 4.3
CVE-2025-14850 HIGH
Advantech WebAccess/SCADA - Path Traversal and Arbitrary File Deletion
CVSS 8.1
CVE-2025-64235 MEDIUM
AmentoTech Tuturn <3.6 - Path Traversal
CVSS 6.5
CVE-2025-40898 HIGH
Nozomi Networks CMC/Guardian <25.5.0 Authenticated Path Traversal & Arbitrary File Write
CVSS 8.1
CVE-2025-64230 HIGH
WP Chill Filr <1.2.10 - Path Traversal
CVSS 7.7
CVE-2025-54748 MEDIUM
RomanCode MapSVG <8.6.12 - Path Traversal
CVSS 6.5
CVE-2025-68145 CRITICAL
mcp-server-git < 2025.12.17 - Path Traversal via Repository Path Validation Bypass
CVSS 9.1
CVE-2025-68143 HIGH
Model Context Protocol Servers < 2025.9.25 - Path Traversal via git_init Tool
CVSS 8.8
CVE-2025-67174 HIGH
RiteCMS 3.1.0 - Local File Inclusion via Directory Traversal in admin_language_file Parameter
CVSS 7.5
CVE-2025-67171 HIGH
RiteCMS 3.1.0 - Path Traversal in Templates Component
CVSS 7.5
CVE-2025-14727 HIGH
F5 NGINX Ingress Controller - Path Traversal via Rewrite-Target Annotation
CVSS 8.3
CVE-2025-12496 MEDIUM
Zephyr Project Manager <3.3.203 - Path Traversal
CVSS 4.9
CVE-2025-68155 HIGH
@vitejs/plugin-rs <0.5.8 - Info Disclosure
CVSS 7.5
CVE-2025-63414 CRITICAL
Allsky WebUI v2024.12.06_06 - Path Traversal
CVSS 10.0
CVE-2025-65076 MEDIUM
WaveStore Video Management Software Server < 6.42.4 - Authenticated Path Traversal via ilog Script
CVSS 6.1
CVE-2025-65075 MEDIUM
WaveStore Video Management Software Server < 6.42.4 - Authenticated Path Traversal via alog Script
CVSS 6.5
CVE-2025-65074 HIGH
WaveStore Video Management Software Server < 6.42.4 - OS Command Execution via Path Traversal
CVSS 7.2
CVE-2025-66449 HIGH
ConvertX < 0.16.0 - Authenticated Arbitrary File Write via Upload Endpoint
CVSS 8.8