CVE-2025-67076 | THREATINT

Description

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read.

PUBLISHED Reserved 2025-12-08 | Published 2026-01-15 | Updated 2026-01-16 | Assigner mitre

References

www.agora-project.net

www.helx.io/blog/advisory-agora-project/

cve.org (CVE-2025-67076)

nvd.nist.gov (CVE-2025-67076)

Download JSON