CVE-2025-8054 | THREATINT

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2.

PUBLISHED Reserved 2025-07-22 | Published 2026-02-19 | Updated 2026-02-23 | Assigner OpenText

HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/S:N/AU:Y/R:A/V:D/RE:M/U:Amber

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status

unaffected

24.2

affected

Credits

Inetum Hacking team, leaded in this research by Ángel M Sequeira and with the help of @cr33pb0y finder

References

support.opentext.com/...henticated&sysparm_article=KB0847038

cve.org (CVE-2025-8054)

nvd.nist.gov (CVE-2025-8054)

Download JSON