Path Traversal in Itcube Software Crm
CVE-2025-5993
ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the th…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.006 (42.5th percentile) — read the EPSS interpretation.
Affected products
- Itcube Software Crm — versions 2023.2
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (product)