Path Traversal in Apereo Opencast
CVE-2025-55202
Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, s…
EPSS: 0.004 (27.8th percentile).
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Apereo Opencast — versions 18.0
- Opencast — versions < 17.7, = 18.0
Weakness classification (CWE)
- Relative Path Traversal
Frequently asked questions
- What is CVE-2025-55202?
  CVE-2025-55202 is a medium-severity vulnerability in Apereo Opencast, classified under Relative Path Traversal. CVSS score: 5.3/10. Published 2025-08-29.
- How severe is CVE-2025-55202?
  Medium severity. CVSS v3 base score is 5.3 out of 10.