Security Advisory

CVE-2025-66905

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-19 00:00:00

Last updated 2025-12-19 15:53:20

Assigner mitre

State PUBLISHED

Description

The Takes web frameworks TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and read arbitrary files from the host system.

← Browse all CVEs View on cve.org ↗