CVE-2025-53908 | rommapp romm up to 3.10.2/4.0.0-beta2 /api/raw path traversal (GHSA-fx9g-xw4j-jwc3)

Inserito da Angelo Barbosa | Lug 16, 2025 | CVE

A vulnerability, which was classified as problematic, has been found in rommapp romm up to 3.10.2/4.0.0-beta2. Affected by this issue is some unknown functionality of the file /api/raw. The manipulation leads to path traversal: ‘/dir/../filename’.

This vulnerability is handled as CVE-2025-53908. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-53908 | rommapp romm up to 3.10.2/4.0.0-beta2 /api/raw path traversal (GHSA-fx9g-xw4j-jwc3)

Post correlati

CVE-2024-41241 | Kashipara Responsive School Management System 3.2.0 /smsa/admin_login.php error cross site scripting

CVE-2024-55627 | OISF Suricata up to 7.0.7 TCP Stream integer underflow (ID 7393)

CVE-2024-41992 | Arcadyan FMIMG51AX000J Alliance Wi-Fi Test Suite command injection (VU#123336)

CVE-2024-11654 | EnGenius ENH1350EXT/ENS500-AC/ENS620EXT up to 20241118 diag_traceroute6 command injection