CVE-2025-57618

HIGH

FastX3 <3.3.67 - Path Traversal

Title source: llm

Description

A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as existing JTIs. With this information, an attacker can forge valid JWTs, impersonate the root user, and achieve remote code execution in privileged context via authenticated endpoints.

References (3)

[Various Sources] https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md?ref_type=heads

View Writeup ZIP pw:eip

[Various Sources] https://www.starnet.com/fastx/

[Various Sources] https://www.starnet.com/help/fastx3-3-server-release-notes/

Scores

CVSS v3 7.3

EPSS 0.0057

EPSS Percentile 68.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-24

Status draft

Timeline

Published Oct 14, 2025

Tracked Since Feb 18, 2026