CVE-2024-25065

CVE-2024-25065: Apache OFBiz: Path traversal allowing authentication bypass.

Vendor Apache Software Foundation
Product Apache OFBiz
Weakness CWE-22 · Path traversal
Published February 28, 2024
Last update February 13, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue.

Key dates

Disclosure timeline

February 28, 2024 CVE published
February 13, 2025 Record updated