CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

391 vulnerabilities with CWE-23
CVE-2025-55115 HIGH
Control-M/Agent <9.0.20 - Privilege Escalation
CVSS 8.8
CVE-2025-10203 HIGH
Digilent WaveForms <3.24.3 - RCE
CVSS 7.8
CVE-2025-58760 HIGH
Tautulli <2.15.3 - Path Traversal
CVSS 8.6
CVE-2025-53609 MEDIUM
FortiWeb <7.6.4-7.2.11-7.0.11 - Path Traversal
CVSS 4.9
CVE-2025-58752 MEDIUM
Vite <7.1.5, 7.0.7, 6.3.6, 5.4.20 - Info Disclosure
CVSS 5.3
CVE-2025-25048 MEDIUM
IBM Jazz Foundation <7.0.2-7.1.0 - Privilege Escalation
CVSS 6.5
CVE-2025-55748 HIGH
XWiki Platform <16.10.6 - Info Disclosure
CVSS 7.5
CVE-2025-55747 CRITICAL
XWiki Platform <16.10.6 - Info Disclosure
CVSS 9.1
CVE-2025-9570 MEDIUM
eHRD CTMS - Path Traversal
CVSS 4.9
CVE-2025-55202 MEDIUM
Opencast <18.0 - Path Traversal
CVSS 5.3
CVE-2025-9639 HIGH
QbiCRMGateway - Path Traversal
CVSS 7.5
CVE-2025-8464 MEDIUM
Contact Form 7 <1.3.9.0 - Path Traversal
CVSS 5.3
CVE-2025-53779 HIGH
Windows Kerberos - Privilege Escalation
CVSS 7.2
CVE-2025-55013 MEDIUM
Assemblyline 4 <4.6.1.dev138 - Path Traversal
CVSS 4.2
CVE-2025-51052 MEDIUM
Vedo Suite <2024.17 - Path Traversal
CVSS 6.5
CVE-2025-53082 MEDIUM
Samsung Data Management Server Firmware < 2.3.13.1 - Path Traversal
CVSS 6.1
CVE-2025-54531 HIGH
JetBrains TeamCity < 2025.07 - Path Traversal
CVSS 7.7
CVE-2025-54317 HIGH
Logpoint <7.6.0 - Path Traversal
CVSS 8.4
CVE-2025-46002 MEDIUM
Simogeo Filemanager < 2.0.0 - Path Traversal
CVSS 6.5
CVE-2025-7619 HIGH
BatchSignCS - Path Traversal
CVSS 8.8
CVE-2025-48817 HIGH
Remote Desktop Client - Path Traversal
CVSS 8.8
CVE-2025-7146 HIGH
iPublish System - Info Disclosure
CVSS 7.5
CVE-2025-52207 CRITICAL
MikoPBX <2024.1.114 - Code Injection
CVSS 9.9
CVE-2025-44163 MEDIUM
Raspap-webgui < 3.3.6 - Path Traversal
CVSS 6.3
CVE-2025-52922 HIGH
Innoshop <0.4.1 - Path Traversal
CVSS 7.4