CVE-2025-49466
MEDIUMaerc < 93bec0de8ed5ab3d6b1f01026fe2ef20fa154329 - Path Traversal in Attachment Handling
Title source: llmDescription
aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,
References (2)
Core 2
Scores
CVSS v3
5.8
EPSS
0.0059
EPSS Percentile
43.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-23
Status
published
Products (1)
rjarry/aerc
< 93bec0de8ed5ab3d6b1f01026fe2ef20fa154329
Published
Jun 05, 2025
Tracked Since
Feb 18, 2026