2 matches found
CVE-2025-41035
A problem has been discovered in appRain CMF 4.0.5. An authenticated Path Traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and download any file if they have adequate permissions outside the document root configured on th...
CVE-2025-41035
appRain CMF 4.0.5 contains an authenticated path traversal vulnerability in the /apprain/common/download/ endpoint. The issue arises from handling of base64-encoded path parameters after /download/, allowing an attacker with sufficient permissions to access files outside the document root. Connec...