CVE Catalog

CVE-2025-51052

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.42%

33th percentile - higher than 33% of all known CVEs

Summary

A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.

Risk Assessment

An attacker can access sensitive data such as configuration files, passwords, or user data, leading to confidentiality breaches and potential further attack escalation.

Recommendation

Immediately update Vedo Suite to the latest patched version and implement path validation in the 'file_get_contents()' function.

Original NVD description (English source)

A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS