CVE-2025-11849
BaseFortify
Publication date: 2025-10-17
Last updated on: 2026-04-29
Assigner: Snyk
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| org.zwobble.mammoth | mammoth | 0.3.25 |
| org.zwobble.mammoth | mammoth | 1.11.0 |
| org.zwobble.mammoth | mammoth | 1.10.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Directory Traversal issue in the mammoth package before version 1.11.0. It occurs because the package does not properly validate paths or file types when processing a docx file that contains an image linked via an external reference (r:link attribute) instead of embedding it (r:embed). The library resolves the URI to a file path and reads the content, which is then encoded as base64 and included in the HTML output. An attacker can exploit this to read arbitrary files on the system where the conversion happens or cause excessive resource consumption by linking to special device files like /dev/random or /dev/zero.
How can this vulnerability impact me?
This vulnerability can allow an attacker to read arbitrary files on the system performing the docx to HTML conversion, potentially exposing sensitive information. Additionally, an attacker can cause excessive resource consumption by linking to special device files, which may lead to denial of service or system instability.
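The checks a converter needs before it reads a file named by an external image relationship, as an added example; this is not mammoth's code and not the upstream fix for this CVE. It assumes the converter is given a configured media directory (`base_dir`) and the raw relationship target string, and it applies deny-by-default, relative-only targets, containment under `base_dir` after symlink resolution, regular-file-only (which refuses device nodes such as /dev/zero and /dev/random), and a size cap. The `demo()` scenario, the `logo.png` bytes and the 5 MiB cap are constructed for the example.

```python
"""Defensive resolution of an externally linked (r:link) docx image.

Added example for this CVE entry; it is not mammoth's code and not the
project's fix. It shows the checks a converter should apply before reading
a file named by a docx relationship target.
"""
import os
import stat
import tempfile
from urllib.parse import unquote, urlparse

MAX_IMAGE_BYTES = 5 * 1024 * 1024  # constructed cap; tune per deployment


class LinkedImageRejected(ValueError):
    """Raised when a link target must not be followed."""


def resolve_linked_image(base_dir, link_target, max_bytes=MAX_IMAGE_BYTES,
                         follow_external_links=False):
    """Return the bytes of the linked image, or raise LinkedImageRejected.

    follow_external_links defaults to False: a converter rarely needs to read
    anything outside the .docx itself, so callers must opt in explicitly.
    """
    if not follow_external_links:
        raise LinkedImageRejected("external image links are disabled")

    # 1. Only scheme-less, relative targets are followed (rejects file:///..., C:/...).
    parsed = urlparse(link_target)
    if parsed.scheme or parsed.netloc:
        raise LinkedImageRejected(f"non-relative target: {link_target!r}")
    relative = unquote(parsed.path)
    if not relative or os.path.isabs(relative):
        raise LinkedImageRejected(f"absolute or empty target: {link_target!r}")

    # 2. Containment: resolve symlinks and '..' first, then compare real paths.
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, relative))
    try:
        contained = os.path.commonpath([root, candidate]) == root
    except ValueError:  # different drives on Windows
        contained = False
    if not contained:
        raise LinkedImageRejected(f"target escapes {root}: {link_target!r}")

    # 3. Regular files only: refuses /dev/zero, /dev/random, FIFOs, directories.
    try:
        st = os.stat(candidate)
    except OSError as exc:
        raise LinkedImageRejected(f"cannot stat target: {exc}") from exc
    if not stat.S_ISREG(st.st_mode):
        raise LinkedImageRejected("target is not a regular file")
    if st.st_size > max_bytes:
        raise LinkedImageRejected(f"target exceeds {max_bytes} bytes")

    # 4. Bounded read: st_size alone is not trusted, the file may grow under us.
    with open(candidate, "rb") as fh:
        data = fh.read(max_bytes + 1)
    if len(data) > max_bytes:
        raise LinkedImageRejected(f"target exceeds {max_bytes} bytes")
    return data


def _attempt(base_dir, target, follow=True, **kwargs):
    """Classify one target as 'allowed' or 'rejected' for the demo."""
    try:
        resolve_linked_image(base_dir, target, follow_external_links=follow, **kwargs)
        return "allowed"
    except LinkedImageRejected:
        return "rejected"


def demo():
    """Constructed scenario: a media directory holding one legitimate image,
    exercised with the target shapes the CVE description warns about."""
    results = {}
    with tempfile.TemporaryDirectory() as media:
        with open(os.path.join(media, "logo.png"), "wb") as fh:
            fh.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)  # constructed, not a real PNG
        os.mkdir(os.path.join(media, "subdir"))
        results["legit"] = _attempt(media, "logo.png")
        results["legit_encoded"] = _attempt(media, "logo%2Epng")
        results["disabled_default"] = _attempt(media, "logo.png", follow=False)
        results["traversal"] = _attempt(media, "../" * 6 + "etc/passwd")
        results["absolute"] = _attempt(media, "/etc/passwd")
        results["file_uri"] = _attempt(media, "file:///etc/passwd")
        results["directory"] = _attempt(media, "subdir")
        results["oversize"] = _attempt(media, "logo.png", max_bytes=8)
    # Even with /dev as the base directory the regular-file check refuses a
    # device node; on systems without /dev the failed stat refuses it instead.
    results["device"] = _attempt("/dev", "zero")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:17s} {outcome}")
```

The containment check compares real paths rather than string prefixes, so a symlink inside the media directory that points elsewhere is caught by the same test as a `..` sequence; the regular-file check is what addresses the resource-exhaustion half of the advisory, and the bounded read closes the gap where a file changes size between the stat and the read.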