Path Traversal in Obiba Opal
CVE-2025-27101
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including file…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.005 (40.4th percentile) — read the EPSS interpretation.
Affected products
- Obiba Opal — versions < 5.1.1
Weakness classification (CWE)
Public proof-of-concept exploits
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-27101?
- CVE-2025-27101 is a vulnerability in Obiba Opal, classified under Path Traversal. Published 2025-03-11.
- Is CVE-2025-27101 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.