4 matches found
CVE-2025-3485
Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementati...
CVE-2025-3485
CVE-2025-3485 describes a directory traversal in Allegra’s extractFileFromZip that fails to validate a user-supplied path before file operations, enabling remote code execution in the current process with network access. Authentication is required to exploit. Root cause: improper path validation ...
CVE-2025-3485 Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability
Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementati...
CVE-2025-3485
creationtimestamp| type| source ---|---|--- 2025-04-24 03:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-254/...