CWE-23

Relative Path Traversal

Parent: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

417 vulnerabilities with CWE-23
CVE-2025-52922 HIGH
InnoShop <= 0.4.1 - Authenticated Directory Traversal via FileManager API
CVSS 7.4
CVE-2025-34510 HIGH
Sitecore XP CVE-2025-34510 Post-Authentication Remote Code Execution
CVSS 8.8
CVE-2025-33112 HIGH
IBM AIX 7.3 & VIOS 4.1.1 - Code Injection
CVSS 8.4
CVE-2025-3365 CRITICAL
B. Braun Melsungen AG OnlineSuite 3.0 - Path Traversal
CVSS 9.8
CVE-2025-49466 MEDIUM
aerc < 93bec0de8ed5ab3d6b1f01026fe2ef20fa154329 - Path Traversal in Attachment Handling
CVSS 5.8
CVE-2025-48957 HIGH
AstrBot 3.4.4-3.5.12 - Path Traversal and Information Disclosure via Dashboard Feature
CVSS 7.5
CVE-2025-47788 CRITICAL
Atheos < 602 - Path Traversal via $target Parameter in controller.php
CVE-2025-47445 HIGH
Eventin <= 4.0.26 - Path Traversal
CVSS 7.5
CVE-2025-31493 CRITICAL
Kirby < 3.9.8.3, 3.10.1.2, 4.7.1 - Path Traversal and Remote Code Execution via Dynamic Collection Name
CVSS 9.1
CVE-2025-30207 HIGH
Kirby <3.9.8.3, <3.10.1.2, <4.7.1 - Path Traversal
CVSS 7.5
CVE-2025-30159 CRITICAL
Kirby <3.9.8.3, 3.10.1.2, 4.7.1 - Path Traversal
CVSS 9.1
CVE-2025-22859 MEDIUM
FortiClientEMS 7.4.0-7.4.1 & Cloud - Unauthenticated Path Traversal & Arbitrary File Write
CVSS 5.3
CVE-2025-24350 HIGH
Bosch Rexroth ctrlX OS 1.12.0-1.12.8, 1.20.0-1.20.6, 2.6.0-2.6.7 Authenticated Arbitrary File Write
CVSS 7.1
CVE-2025-24343 MEDIUM
Bosch Rexroth ctrlX OS 1.12.0-1.12.1, 1.20.0-1.20.1, 2.6.0 - Authenticated Arbitrary File Write
CVSS 5.4
CVE-2025-46433 MEDIUM
JetBrains TeamCity <2025.03.1 - Path Traversal
CVSS 4.9
CVE-2025-43016 MEDIUM
JetBrains Rider <2025.1.2 - Privilege Escalation
CVSS 5.4
CVE-2025-27791 HIGH
Collabora Online <24.04.12.4-22.05.25 - Path Traversal
CVE-2025-32017 HIGH
Umbraco CMS 14.0.0-14.3.3 - Authenticated Path Traversal via Management API
CVSS 8.8
CVE-2025-32409 HIGH
Ratta SuperNote A6 X2 Nomad <December 2024 - RCE
CVSS 8.1
CVE-2025-32137 MEDIUM
s2Member <= 250419 - Relative Path Traversal
CVSS 4.9
CVE-2025-2007 HIGH
WordPress CSV/XML Datafeed Plugin <7.19 - Privilege Escalation
CVSS 8.1
CVE-2025-2961 MEDIUM
opensolon < 3.1.0 - Path Traversal via Template Argument in RenderManager
CVSS 4.3
CVE-2025-29789 HIGH
OpenEMR < 7.0.3 - Path Traversal via Load Code Feature
CVSS 7.5
CVE-2025-27553 HIGH
Apache Commons VFS < 2.10.0 - Relative Path Traversal via Encoded Dot-Dot-Slash Sequences
CVSS 7.5
CVE-2025-2056 HIGH
WP Ghost (Hide My WP Ghost) - Security & Firewall <= 5.4.01 - Unauthenticated Path Traversal via showFile Function
CVSS 7.5