CVE-2025-57403
Directory Traversal in Cola Dnslog v1.3.2 Exposes Sensitive Data
Publication date: 2025-12-26
Last updated on: 2025-12-26
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cola | dnslog | 1.3.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can lead to the exposure of sensitive information by allowing attackers to access files outside the intended directory structure. This could result in unauthorized disclosure of confidential data stored on the system.
Can you explain this vulnerability to me?
Cola Dnslog v1.3.2 has a Directory Traversal vulnerability. When processing a DNS query for a TXT record, the application improperly concatenates the requested URL or part of it with a base path using os.path.join. This allows an attacker to perform directory traversal or absolute path injection, potentially accessing files outside the intended directory.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows attackers to access arbitrary files on the server, potentially exposing sensitive information such as user passwords and tokens. Such exposure of sensitive data could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information from unauthorized access. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending DNS TXT record queries with crafted payloads that attempt directory traversal or absolute path injection. For example, using commands like `nslookup -type=TXT /windows/win.ini [server_ip]` or `nslookup -type=TXT F:/cola_dnslog-main/info.txt [server_ip]` can test if the server returns contents of arbitrary files, indicating the vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting DNS TXT record queries that allow arbitrary file path inputs, applying input validation and sanitization on the requested query name (qname) to prevent directory traversal or absolute path injection, and updating or patching the cola_dnslog application to a version that fixes this vulnerability.