CVE-2025-0332 HIGH

CVE-2025-0332: Progress UI for WinForms decompression path traversal vulnerability

Vendor: Progress Software
Product: Progress® Telerik® UI for WinForms
Weakness: CWE-22 · Path traversal
Published: February 12, 2025
Last update: February 12, 2025

CVSS base score

7.8/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

In Progress® Telerik® UI for WinForms versions prior to 2025 Q1 (2025.1.211), improper limitation of a target path can lead to an archive's content being decompressed into a restricted directory.

Key dates

02 Disclosure timeline

February 12, 2025: CVE published
February 12, 2025: Record updated