CVE-2025-57618
HIGHFastX3 <= 3.3.67 - Unauthenticated Path Traversal and Remote Code Execution
Title source: llmDescription
A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as existing JTIs. With this information, an attacker can forge valid JWTs, impersonate the root user, and achieve remote code execution in privileged context via authenticated endpoints.
References (3)
Core 3
Core References
Various Sources
https://www.starnet.com/fastx/
Various Sources
https://www.starnet.com/help/fastx3-3-server-release-notes/
Scores
CVSS v3
7.3
EPSS
0.0065
EPSS Percentile
46.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-24
Status
published
Published
Oct 14, 2025
Tracked Since
Feb 18, 2026