CVE-2025-67223
HIGHDescription
The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and bypass access controls to download sensitive documents containing PII.
Is your site exposed to CVE-2025-67223?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-67223? +
How severe is CVE-2025-67223? +
How do I check if I'm vulnerable to CVE-2025-67223? +
Related Vulnerabilities
Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set …
Products for macOS enables a user logged on to the system to perform a denial-of-service attack, which could be misused …
An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to …
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contains an Insecure Temporary File vulnerability. A low privileged attacker …
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) …
The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is …