What the vulnerability does
01Description
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.
CVSS base score
3.5/10
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Key dates
02Disclosure timeline
April 28, 2025
CVE published
April 28, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2026-33733 EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read write and delete
CVE-2025-8464 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.0 - Directory Traversal via `wpcf7_guest_user_id` Cookie
CVE-2026-5966 TeamT5|ThreatSonar Anti-Ransomware - Arbitrary File Deletion
CVE-2019-3943
CVE-2024-38258 Windows Remote Desktop Licensing Service Information Disclosure Vulnerability
