← back
CVE-2025-2305

Local file inclusion vulnerability in LIVE CONTRACT

CVSS 8.6 HIGHEPSS 0.3%CWE-20
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server, from the Linux server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N