CVE-2025-13879 MEDIUM

CVE-2025-13879: Directory traversal vulnerability in EfficientIP's SOLIDserver IPAM

Vendor Solidserver
Product SOLIDserver IPAM
Weakness CWE-22 · Path traversal
Published December 2, 2025
Last update December 2, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Directory traversal vulnerability in SOLIDserver IPAM v8.2.3. This vulnerability allows an authenticated user with administrator privileges to list directories other than those to which the have authorized access using the 'directory' parameter in '/mod/ajax.php?action=sections/list/list'.For examplem setting the 'directory' parameter to '/' displays files outside the 'LOCAL:///' folder.

Key dates

02Disclosure timeline

December 2, 2025 CVE published
December 2, 2025 Record updated