Arbitrary File Download through Path Traversal in Innorix WP

6.9 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing Authorization vulnerability in Innorix WP allows Path Traversal.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installed (ex: innorix/exam)

Basic Information

ID CVE-2025-15066

Source FSI

Published Dec 29, 2025 at 00:48

Affected Product

Vendor Innorix

Product Innorix WP

CWE Classification

CWE-22 CWE-862

References

{
    "lastseen": "",
    "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing Authorization vulnerability in Innorix WP allows Path Traversal.This issue affects Innorix WP from All versions If the \"exam\" directory exists under the directory where the product is installed (ex: innorix/exam)",
    "published": "2025-12-29T00:48:56.222Z",
    "modified": "2025-12-29T00:48:56.222Z",
    "type": "cve",
    "title": "Arbitrary File Download through Path Traversal in Innorix WP",
    "source": "FSI",
    "references": "https://www.innorix.com/\nhttps://www.gnit.co.kr/software/innorix_product.html",
    "id": "CVE-2025-15066",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22",
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Innorix WP",
    "version": "0",
    "vendor": "Innorix",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Arbitrary File Download through Path Traversal in Innorix WP_CVE-2025-15066