CVE-2025-30343
LOWDescription
A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file or folder as a relative or absolute path (e.g., ../../../etc/passwd), the ZIP archive generated for download converts that title into a path. Depending on the extraction tool used by the user, this might overwrite files locally outside of the chosen directory.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| openslides | openslides |
References
Frequently Asked Questions
What is CVE-2025-30343? +
How severe is CVE-2025-30343? +
What products are affected by CVE-2025-30343? +
How do I check if I'm vulnerable to CVE-2025-30343? +
Related Vulnerabilities
Webmin before 2.640 does not safely construct a filename for saving of an attachment within the mailboxes component. This occurs …
esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the …
Emlog Pro 2.5.20 has an arbitrary file deletion vulnerability. This vulnerability stems from the admin/template.php component and the admin/plugin.php component. …
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, …
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in …
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller …