CVE-2025-24961

CVE-2025-24961 affects org.gaul S3Proxy and describes an insecure path traversal in the filesystem and filesystem-nio2 storage backends that could unintentionally expose local files to users. The root cause is a path traversal flaw when using those backends, enabling access to files outside the i...

Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore...