Path Traversal in Tum-dev Navigatum
CVE-2026-25575
NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories w…
EPSS: 0.001 (19.1th percentile)
Affected products
- Tum-dev Navigatum — versions < 86f34c72886a59ec8f1e6c00f78a5ab889a70fd0
Weakness classification (CWE)
References
- https://github.com/TUM-Dev/NavigaTUM/security/advisories/GHSA-59hj-f48w-hjfm (x_refsource_CONFIRM)
- https://github.com/TUM-Dev/NavigaTUM/pull/2650 (x_refsource_MISC)
- https://github.com/TUM-Dev/NavigaTUM/commit/86f34c72886a59ec8f1e6c00f78a5ab889a70fd0 (x_refsource_MISC)