8.7
CVE-2025-53880
- EPSS 0.65%
- Veröffentlicht 30.10.2025 10:31:15
- Zuletzt bearbeitet 30.10.2025 15:03:13
- Quelle meissner@suse.de
- CVE-Watchlists
- Unerledigt
A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSUSE
≫
Produkt
Container suse/manager/4.3/proxy-httpd:latest
Default Statusunaffected
Version <
4.3.11-150400.3.15.3
Version
?
Status
affected
HerstellerSUSE
≫
Produkt
Container suse/manager/5.0/x86_64/proxy-httpd:latest
Default Statusunaffected
Version <
5.0.3-150600.3.6.4
Version
?
Status
affected
HerstellerSUSE
≫
Produkt
Container suse/multi-linux-manager/5.1/x86_64/proxy-httpd:latest
Default Statusunaffected
Version <
5.1.3-150700.3.3.3
Version
?
Status
affected
HerstellerSUSE
≫
Produkt
SUSE Manager Proxy LTS 4.3
Default Statusunaffected
Version <
4.3.11-150400.3.15.3
Version
?
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.702 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| meissner@suse.de | 8.7 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-35 Path Traversal: '.../...//'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.