CVE-2025-55202
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-09-03
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apereo | opencast | to 17.7 (exc) |
| apereo | opencast | 18.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-55202 is a partial path traversal vulnerability in the UI config module of Opencast versions prior to 17.7 and version 18.0. The validation checks only that the resolved path begins with the string of the intended UI config directory; it does not require a file separator to follow that prefix. A path can therefore escape into any sibling directory whose name starts with the same characters (e.g. /etc/opencast/ui-config-hidden when the intended directory is /etc/opencast/ui-config), and files in such a directory can be read if the Opencast process can read them. Traversal to unrelated directories is not possible, because those paths fail the prefix check. The issue is fixed in versions 17.7 and 18.1, where the validation additionally checks for the file separator after the directory prefix. [1, 2, 3]
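The following is an added example, not Opencast's own code, that reproduces the bug class described above in Python: a prefix-only check that accepts a sibling directory sharing the prefix, next to a hardened check that requires the separator. The directory layout (a temporary tree containing `ui-config` and `ui-config-hidden`, with constructed file contents) and all function names are assumptions chosen for the demonstration.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional


def build_tree(root: str) -> dict:
    """Constructed layout mirroring the advisory's example (not real Opencast data)."""
    base = Path(root, "etc", "opencast", "ui-config")
    hidden = Path(root, "etc", "opencast", "ui-config-hidden")
    base.mkdir(parents=True)
    hidden.mkdir(parents=True)
    (base / "settings.json").write_text('{"theme": "default"}')
    (hidden / "secret.json").write_text('{"api_key": "constructed-value"}')
    return {"base": str(base), "hidden": str(hidden)}


def vulnerable_resolve(base: str, user_path: str) -> Optional[str]:
    """Prefix check without a separator: the pattern behind CVE-2025-55202.

    ".../ui-config-hidden/secret.json" starts with ".../ui-config", so it passes.
    """
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, user_path))
    if target.startswith(base_real):
        return target
    return None


def hardened_resolve(base: str, user_path: str) -> Optional[str]:
    """Accept only the base directory itself or a path below base + os.sep."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, user_path))
    if target == base_real or target.startswith(base_real + os.sep):
        return target
    return None


def demo() -> dict:
    """Run both checks against the constructed tree and report what each allows."""
    with tempfile.TemporaryDirectory() as root:
        base = build_tree(root)["base"]
        sibling = os.path.join("..", "ui-config-hidden", "secret.json")
        unrelated = os.path.join("..", "..", "..", "passwd")  # outside the prefix
        return {
            "vuln_sibling": vulnerable_resolve(base, sibling) is not None,
            "fixed_sibling": hardened_resolve(base, sibling) is not None,
            "vuln_unrelated": vulnerable_resolve(base, unrelated) is not None,
            "fixed_legit": hardened_resolve(base, "settings.json") is not None,
        }


if __name__ == "__main__":
    print(demo())
```

The `vuln_unrelated` case shows why the advisory calls this a partial traversal: a path that leaves the prefix entirely is rejected even by the flawed check, so only prefix-sharing siblings are exposed.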
How can this vulnerability impact me?
This vulnerability could allow an attacker to access files located in directories that have names starting with the same prefix as the UI config directory, potentially exposing sensitive configuration files if such similarly prefixed directories exist and contain readable files. However, the risk is considered low because the default Opencast setup usually contains only one ui-config folder, making it unlikely for such similarly named directories to exist. Also, attackers cannot access unrelated directories or perform broader path traversal attacks. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
First confirm exposure by version: installations below 17.7, or exactly 18.0, are affected. Then check whether the bug is actually exploitable on your host by looking for directories that share the ui-config prefix (e.g. ui-config-hidden) next to the real UI config directory, since those are the only locations the partial traversal can reach. For example, run: `ls -ld /etc/opencast/ui-config*` and inspect any entry other than ui-config itself; files in such a directory are exposed if the Opencast process can read them. Reviewing web server or Opencast request logs for UI config requests that contain `..` or a ui-config-prefixed name may help detect exploitation attempts. [1]
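As an added audit script (not part of the advisory or of Opencast), the following automates the sibling-directory check above: it lists directories beside the UI config directory whose names begin with the same prefix and reports which files in them are readable by the current user. The temporary tree it builds for the demonstration, and the function names, are assumptions.

```python
import os
import tempfile
from pathlib import Path
from typing import List


def find_prefix_siblings(config_dir: str) -> List[str]:
    """Directories next to config_dir whose name starts with config_dir's own name.

    The exact directory is excluded; only prefix-sharing siblings are reachable
    through the partial traversal.
    """
    config = Path(config_dir)
    parent, name = config.parent, config.name
    hits = []
    for entry in sorted(parent.iterdir()):
        if entry.is_dir() and entry.name != name and entry.name.startswith(name):
            hits.append(str(entry))
    return hits


def readable_files(directory: str) -> List[str]:
    """Files under directory that the current user (here standing in for the
    Opencast service account) can read according to os.access."""
    found = []
    for dirpath, _, files in os.walk(directory):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if os.access(path, os.R_OK):
                found.append(path)
    return sorted(found)


def demo() -> dict:
    """Build a constructed /etc/opencast layout and run the audit against it."""
    with tempfile.TemporaryDirectory() as root:
        cfg = Path(root, "etc", "opencast")
        (cfg / "ui-config").mkdir(parents=True)
        (cfg / "ui-config-hidden").mkdir()
        (cfg / "ui-config-old").mkdir()
        (cfg / "workflows").mkdir()  # unrelated directory, must not be reported
        (cfg / "ui-config-hidden" / "secret.json").write_text("{}")
        siblings = find_prefix_siblings(str(cfg / "ui-config"))
        return {
            "siblings": [Path(s).name for s in siblings],
            "readable_in_first": [Path(p).name for p in readable_files(siblings[0])],
        }


if __name__ == "__main__":
    print(demo())
```

On a real host, call `find_prefix_siblings("/etc/opencast/ui-config")` as the Opencast service user so that `os.access` reflects what the process itself could read; an empty result means the bug cannot expose anything even though the code is still unpatched.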
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Checking for, and removing or renaming, any directories that share the ui-config path prefix (e.g. ui-config-hidden), so that there is nothing the partial traversal can reach. 2) Updating Opencast to version 17.7, or to 18.1 or later, where the path validation also checks for the file separator after the directory prefix. The first step removes the exposure on an unpatched system; the second removes the vulnerability itself. [1, 2]