Home

Description

A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files

PUBLISHED Reserved 2025-02-25 | Published 2025-06-05 | Updated 2025-06-19 | Assigner Joomla

Problem types

CWE-35: Path Traversal

Product status

Default status
unaffected

2.9.7-3.1.5
affected

Credits

Kamil Szczurowski finder

Robert Kruczek finder

References

rsjoomla.com/ product

cve.org (CVE-2025-27445)

nvd.nist.gov (CVE-2025-27445)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.