CVE-2025-67810 | THREATINT

Description

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions.

PUBLISHED Reserved 2025-12-12 | Published 2026-01-09 | Updated 2026-01-09 | Assigner mitre

References

area9.com

security.area9lyceum.com/cve-2025-67810/

cve.org (CVE-2025-67810)

nvd.nist.gov (CVE-2025-67810)

Download JSON