CVE-2025-57403
HIGHCola Dnslog 1.3.2 - Directory Traversal via DNS TXT Record Processing
Title source: llmDescription
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to the potential exposure of sensitive information.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://gist.github.com/Captaince/99b728c792c72b2666c2400625702df0
Exploit, Issue Tracking, Third Party Advisory
https://github.com/AbelChe/cola_dnslog/issues/29
Scores
CVSS v3
7.5
EPSS
0.0096
EPSS Percentile
56.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-23
Status
published
Products (1)
abelche/cola_dnslog
1.3.2
Published
Dec 26, 2025
Tracked Since
Feb 18, 2026