📄 Eptura Archibus Directory Traversal_PACKETSTORM:213675

{
    "lastseen": "2026-01-09T22:37:26",
    "description": "In Eptura Archibus versions before version 2025.01, the \"Run script\" and \"Server File\" components of the \"Database Update Wizard\" are vulnerable to directory traversal...",
    "published": "2026-01-09T00:00:00",
    "modified": "2026-01-09T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Eptura Archibus Directory Traversal",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:213675",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2025-25652"
    ],
    "sourceData": "Title: Eptura Archibus Directory Traversal\n    \n    Description: In Eptura Archibus versions before v2025.01, the \"Run script\" and \"Server File\" components of the \"Database Update Wizard\" are vulnerable to directory traversal. An attacker can alter the request to the server while using the \"Run Script\" and \"Server File\" features of the Database update wizard which load a script from the server to run on in the application. By intercepting the request and changing the variable in the post request for \"c0-param0\" and \"c0-param1\" an attacker can read files on the server bypassing the folder restrictions.\n    \n    Affected Component: /archibus/dwr/call/plaincall/SchemaUpdateWizardService.getServerFileContents.dwr\n    \n    Source Name: Brandon Roach (V4quero) @ Pathfynder\n    \n    CVEs: CVE-2025-25652 (https://www.cve.org/CVERecord?id=CVE-2025-25652)\n    \n    Software URL:\n    https://eptura.com/our-platform/archibus/\n    https://archibus.com/",
    "sourceHref": "https://packetstorm.news/download/213675",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/213675/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}