Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/04/26 12:3 a.m.8 views

CVE-2025-32950

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...

6.5CVSS6.7AI score0.00628EPSS
Exploits0References1
CVE
CVE
added 2025/04/22 5:14 p.m.59 views

CVE-2025-32950

Summary (CVE-2025-32950): Jmix (v1.0.0–v1.6.1 and v2.0.0–v2.3.4) is vulnerable to path traversal via the FileRef parameter. An attacker could read arbitrary files on the host if the application server has sufficient permissions, by modifying FileRef in the database or by supplying a crafted value...

6.5CVSS6.3AI score0.00628EPSS
Exploits0References9Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/22 5:14 p.m.2 views

CVE-2025-32950 io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...

6.5CVSS7AI score0.00628EPSS
Exploits0References9
Cvelist
Cvelist
added 2025/04/22 5:14 p.m.17 views

CVE-2025-32950 io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...

6.5CVSS0.00628EPSS
Exploits0References9
OSV
OSV
added 2025/04/22 5:14 p.m.6 views

CVE-2025-32950 io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...

6.5CVSS6.5AI score0.00628EPSS
Exploits0References11
Rows per page
Query Builder