Security Advisory

CVE-2025-57403

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-26 00:00:00

Last updated 2025-12-27 15:35:51

Assigner mitre

State PUBLISHED

Description

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to the potential exposure of sensitive information.

← Browse all CVEs View on cve.org ↗