Home > Vulnerability Database > CVE-2025-11016

Mend.io Vulnerability Database

CVE-2025-11016

Good to know:

Date: September 26, 2025

A security vulnerability has been detected in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of the argument path leads to path traversal. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity Score

9.8

Related Resources (7)

Url: https://vuldb.com/?submit.654367

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-11016

Url: https://github.com/August829/YU1/issues/3

Url: https://vuldb.com/?ctiid.325959

Url: https://github.com/August829/YU1/issues/3#issue-3416620392

Url: https://vuldb.com/?id.325959

Url: https://www.mend.io/vulnerability-database/CVE-2025-11016

Severity Score

9.8

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-11016

Good to know:

Date: September 26, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?