CVE-2025-5880 Whistle get-temp-file path traversal

A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The...

CVE-2025-5880 Whistle get-temp-file path traversal

A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The...

CVE-2025-5880

CVE-2025-5880 affects Whistle 2.9.98. A path traversal flaw is triggered by manipulating the filename argument in /cgi-bin/sessions/get-temp-file. Exploit publicly disclosed; vendor unresponsive per sources. Practical mitigation from PT-2025-24440 suggests restricting access to the endpoint and a...

0.extends.whistle (=1.0.65), @alola-react/plugin-proxy (=0.0.1) +24 more potentially affected by CVE-2024-55500 via whistle (>=0.1.0-beta <=2.9.85-beta)

whistle NPM version =0.1.0-beta, =0.1.21-alpha, =0.0.1, =0.0.0-alpha.202201181327, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =0.1.1, =0.1.0, =1.2.0 and more Source cves: CVE-2024-55500 Source advisory: OSV:GHSA-GG6X-448Q-PQQM...