Path Traversal in ITCube CRM_CVE-2025-5993

9.2 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Description

ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process.

Basic Information

ID CVE-2025-5993

Source CERT-PL

Published Sep 8, 2025 at 10:18

Affected Product

Vendor ITCube Software

Product ITCube CRM

Version 2023.2

Affected Versions ITCube Software ITCube CRM 2023.2

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process.",
    "published": "2025-09-08T10:18:47.856Z",
    "modified": "2025-09-08T10:18:47.856Z",
    "type": "cve",
    "title": "Path Traversal in ITCube CRM",
    "source": "CERT-PL",
    "references": "https://cert.pl/posts/2025/07/CVE-2025-5993\nhttps://itcube.pl/modul-crm",
    "id": "CVE-2025-5993",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "ITCube Software ITCube CRM 2023.2",
    "sourceHref": "",
    "cvss": {
        "score": 9.2,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ITCube CRM",
    "version": "2023.2",
    "vendor": "ITCube Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}