CVE-2025-12922 | OpenClinica Community Edition up to 3.12.2/3.13 CRF Data Import ImportCRFData?action=confirm xml_file path traversal

Inserito da Angelo Barbosa | Nov 9, 2025 | CVE

A vulnerability identified as critical has been detected in OpenClinica Community Edition up to 3.12.2/3.13. This affects an unknown part of the file /ImportCRFData?action=confirm of the component CRF Data Import. Performing manipulation of the argument xml_file results in path traversal.

This vulnerability is identified as CVE-2025-12922. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-12922 | OpenClinica Community Edition up to 3.12.2/3.13 CRF Data Import ImportCRFData?action=confirm xml_file path traversal

Post correlati

CVE-2025-51281 | D-Link D-Link DI-8100 16.07.26A1 qj_asp val/id buffer overflow

CVE-2024-24594 | Allegro AI ClearML Debug Samples Tab cross site scripting

CVE-2024-13138 | wangl1989 mysiteforme 1.0 LocalUploadServiceImpl upload test unrestricted upload

CVE-2025-7879 | Metasoft 美特软件 MetaCRM up to 6.4.2 mobileupload.jsp File unrestricted upload