AI description
CVE-2025-5993 is a path traversal vulnerability found in ITCube CRM versions 2023.2 through 2025.2. An unauthenticated remote attacker can exploit the vulnerable "fileName" parameter to construct payloads. This allows the attacker to download any file accessible by the web server process. Successful exploitation of CVE-2025-5993 could allow an attacker to access sensitive files on the server without authentication. This could lead to unauthorized information disclosure, potentially exposing critical system files, configuration details, or sensitive user data. To mitigate this vulnerability, it is recommended to update ITCube CRM to a version beyond 2025.2, implement strict input validation for file path parameters, restrict web server process file access using access controls, and monitor file access logs.
- Description: ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. An unauthenticated remote attacker is able to exploit the vulnerable parameter fileName and construct payloads that allow downloading any file accessible by the web server process.
- Source: cvd@cert.pl
- NVD status: Awaiting Analysis
CVSS 4.0
- Type: Secondary
- Base score: 9.2
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: CRITICAL
- cvd@cert.pl: CWE-22
- Hype score: Not currently trending
CVE-2025-5993 ITCube CRM Path Traversal Vulnerability Allows Unauthenticated File Download https://t.co/5bE4piBtK5
@VulmonFeeds
8 Sept 2025
CVE-2025-5993 ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and … https://t.co/6R6wFfmo8d
@CVEnew
8 Sept 2025