CVE-2025-1743
Published: 27 February 2025
Description
A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Security Summary
CVE-2025-1743 is a path traversal vulnerability (CWE-22), classified as critical, in zyx0814 Pichome version 2.1.0. The affected code is identified only as part of the file /index.php?mod=textviewer, where manipulation of the "src" argument enables traversal outside the intended directories. It carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), which corresponds to medium severity, with low confidentiality impact and no effect on integrity or availability.
Any unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows limited disclosure of sensitive files via the path traversal, as indicated by the low confidentiality impact in the CVSS score. The exploit has been publicly disclosed and may be actively used.
Advisories and details are available from sources including a GitHub issue at https://github.com/sheratan4/cve/issues/4 and VulDB entries at https://vuldb.com/?ctiid.297831, https://vuldb.com/?id.297831, and https://vuldb.com/?submit.502168. No specific patch information is detailed in the available data.
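For log review, the following added example (not taken from the advisory or from the Pichome project) flags requests to /index.php?mod=textviewer whose src argument resolves to a parent-directory segment after repeated percent-decoding. It assumes combined-format access logs and that src arrives in the query string; the log lines, client addresses and file names are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [27/Feb/2025:10:00:01 +0000] "GET /index.php?mod=textviewer&src=notes/readme.txt HTTP/1.1" 200 512
203.0.113.11 - - [27/Feb/2025:10:00:02 +0000] "GET /index.php?mod=textviewer&src=../../example/file.txt HTTP/1.1" 200 2048
203.0.113.12 - - [27/Feb/2025:10:00:03 +0000] "GET /index.php?mod=textviewer&src=%252e%252e%252fexample%252ffile.txt HTTP/1.1" 200 99
203.0.113.13 - - [27/Feb/2025:10:00:04 +0000] "GET /index.php?mod=textviewer&src=..%5C..%5Cexample.ini HTTP/1.1" 404 0
203.0.113.14 - - [27/Feb/2025:10:00:05 +0000] "GET /index.php?mod=library&src=../x HTTP/1.1" 200 10
203.0.113.15 - - [27/Feb/2025:10:00:06 +0000] "GET /index.php?mod=textviewer&src=docs/v1..2/notes.txt HTTP/1.1" 200 10
"""

# Captures: client address, method, request target, status code.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def fully_decode(value, max_rounds=5):
    """Percent-decode until the value stops changing (catches double encoding)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(src):
    # Treat backslashes as separators, then look for a whole ".." segment.
    decoded = fully_decode(src).replace("\\", "/")
    return any(segment == ".." for segment in decoded.split("/"))

def find_suspect_requests(log_text):
    """Return (client, status, src) for textviewer requests with a traversing src."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        params = parse_qs(url.query, keep_blank_values=True)
        if not url.path.endswith("/index.php") or "textviewer" not in params.get("mod", []):
            continue
        for src in params.get("src", []):
            if is_traversal(src):
                hits.append((client, int(status), src))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned status 200 deserves priority in triage, since the server may have served the requested file.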
Details
- CWE(s)