CVE-2025-11939 | ChurchCRM up to 5.18.0 Backup Restore RestoreJob.php restoreFile path traversal

A vulnerability classified as critical was found in ChurchCRM up to 5.18.0. This issue affects some unknown processing of the file src/ChurchCRM/Backup/RestoreJob.php of the component Backup Restore Handler. Executing manipulation of the argument restoreFile can lead to path traversal.

The identification of this vulnerability is CVE-2025-11939. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11939 | ChurchCRM up to 5.18.0 Backup Restore RestoreJob.php restoreFile path traversal

Post correlati

CVE-2024-56548 | Linux Kernel up to 6.12.1 hfsplus use after free

CVE-2024-53840 | Google Android Biometric improper authentication

CVE-2024-2903 | Tenda AC7 15.03.06.44 GetParentControlInfo mac stack-based overflow

CVE-2024-43454 | Microsoft