CVE-2025-67890 | pkp Open Journal Systems up to 3.3.0-21/3.4.0-9/3.5.0-1 Native XML Plugin NativeXmlIssueGalleyFilter.php writeFile path traversal

Inserito da Angelo Barbosa | Dic 28, 2025 | CVE

A vulnerability, which was classified as critical, was found in pkp Open Journal Systems up to 3.3.0-21/3.4.0-9/3.5.0-1. This vulnerability affects the function writeFile of the file NativeXmlIssueGalleyFilter.php of the component Native XML Plugin. The manipulation results in path traversal.

This vulnerability is known as CVE-2025-67890. It is possible to launch the attack remotely. No exploit is available.

You should upgrade the affected component.

CVE-2025-67890 | pkp Open Journal Systems up to 3.3.0-21/3.4.0-9/3.5.0-1 Native XML Plugin NativeXmlIssueGalleyFilter.php writeFile path traversal

Post correlati

CVE-2025-60151 | WP Gravity Forms HubSpot Plugin up to 1.2.5 on WordPress redirect

CVE-2025-5225 | Campcodes Advanced Online Voting System 1.0 /index.php voter sql injection

CVE-2024-9400 | Mozilla Firefox up to 128.2/130 JIT Compilation memory corruption

CVE-2024-33631 | Piotnet Addons for Elementor Pro Plugin up to 7.1.17 on WordPress cross site scripting