
We found results for “”
CVE-2025-32807
Good to know:

Date: April 9, 2025
A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Path Traversal: '../filedir'
CWE-24Top Fix

Upgrade Version
Upgrade to version https://github.com/fusiondirectory/fusiondirectory.git - fusiondirectory-1.5
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |