Security Advisory

CVE-2025-41035

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-04 11:07:48
Last updated 2025-09-04 14:16:10
Assigner INCIBE
State PUBLISHED

Description

A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on the server via the base64 path after /download/.