Security Advisory

CVE-2025-5993

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-08 10:18:47

Last updated 2025-09-08 13:40:52

Assigner CERT-PL

State PUBLISHED

Description

ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process.

← Browse all CVEs View on cve.org ↗