CVE-2025-57403

Description

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to the potential exposure of sensitive information.

PUBLISHED Reserved 2025-08-17 | Published 2025-12-26 | Updated 2025-12-27 | Assigner mitre

References

github.com/AbelChe/cola_dnslog/issues/29

gist.github.com/Captaince/99b728c792c72b2666c2400625702df0

cve.org (CVE-2025-57403)

nvd.nist.gov (CVE-2025-57403)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.