CVE-2025-27445
BaseFortify
Publication date: 2025-06-05
Last updated on: 2025-06-17
Assigner: Joomla! Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can allow an authenticated attacker to access sensitive files outside the intended Joomla directory, potentially exposing confidential information, configuration files, or other data that could be used to further compromise the system or gain unauthorized access.
Can you explain this vulnerability to me?
This vulnerability is a path traversal flaw in the RSFirewall component versions 2.9.7 to 3.1.5 for Joomla. It allows authenticated users to read arbitrary files outside the Joomla root directory by exploiting insufficient sanitization of user-supplied input in file path parameters. Attackers can use directory traversal sequences like '../' to access sensitive files that should be restricted.