CVE-2025-51052
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk33th percentile - higher than 33% of all known CVEs
Summary
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.
Risk Assessment
An attacker can access sensitive data such as configuration files, passwords, or user data, leading to confidentiality breaches and potential further attack escalation.
Recommendation
Immediately update Vedo Suite to the latest patched version and implement path validation in the 'file_get_contents()' function.
Original NVD description (English source)
A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.

