CVE-2025-15066
Path Traversal in Innorix WP Allows Unauthorized Directory Access
Publication date: 2025-12-29
Last updated on: 2025-12-29
Assigner: FSI
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| innorix | wp | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive files or data stored within or outside the application directory. This can compromise confidentiality, potentially exposing sensitive information to attackers without proper authorization.
Can you explain this vulnerability to me?
This vulnerability is a Path Traversal and Missing Authorization issue in Innorix WP. It allows an attacker to access files and directories outside the intended restricted directory if the "exam" directory exists under the product installation directory. This means unauthorized users can potentially access sensitive files by manipulating the file path.