CVE-2025-32807

None

Description

A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.

INFO

Published Date :

2025-04-10T00:00:00.000Z

Last Modified :

2025-04-11T16:04:04.886Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2025-32807 vulnerability.

Vendors	Products
Fusiondirectory	Fusiondirectory

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32807.

URL	Resource
https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/blob/e9304844fb5c8ce4a9af9e26858af5e22e15b9bd/Changelog.md?plain=1#L112
https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/blob/e9304844fb5c8ce4a9af9e26858af5e22e15b9bd/include/class_IconTheme.inc#L233-237
https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/commit/9edefd0b367450d665a141c5e94db8a06d208556

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact