CVE-2025-13791 | Scada-LTS up to 2.7.8.1 Project Import ZIPProjectManager.java Common.getHomeDir path traversal

Inserito da Angelo Barbosa | Nov 29, 2025 | CVE

A vulnerability was found in Scada-LTS up to 2.7.8.1. It has been declared as critical. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal.

This vulnerability is traded as CVE-2025-13791. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13791 | Scada-LTS up to 2.7.8.1 Project Import ZIPProjectManager.java Common.getHomeDir path traversal

Post correlati

CVE-2024-40480 | Kashipara Online Exam System 1.0 Administrator Dashboard /admin/update.php access control

CVE-2024-5251 | Ultimate Addons for WPBakery Page Builder Plugin up to 3.19.20 on WordPress Shortcode cross site scripting

CVE-2025-7944 | PHPGurukul Taxi Stand Management System 1.0 /search.php searchdata cross site scripting

CVE-2021-4437 | dbartholomae lambda-middleware frameguard up to 1.0.4 JSON Mime-Type JsonDeserializer.ts redos (ID 57)