CVE-2025-13879 | THREATINT

Description

Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/ajax.php?action=sections/list/list'.For examplem setting the 'directory' parameter to '/' displays files outside the 'LOCAL:///' folder.

PUBLISHED Reserved 2025-12-02 | Published 2025-12-02 | Updated 2025-12-02 | Assigner INCIBE

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

8.2.3

affected

Credits

Ramón Costales (dRaco) finder

References

www.incibe.es/...vulnerability-efficientips-solidserver-ipam

efficientip.com/resources/solidserver-ipam-solutions-3/ patch release-notes

cve.org (CVE-2025-13879)

nvd.nist.gov (CVE-2025-13879)

Download JSON