CVE-2025-55202 LOW

CVE-2025-55202: Opencast has a partial path traversal vulnerability in UI config

Vendor Opencast
Product opencast
Weakness CWE-23
Published August 29, 2025
Last update August 29, 2025
View on NVD All CVEs

CVSS base score

2.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

What the vulnerability does

01Description

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the same path. This issue has been fixed in versions 17.7 and 18.1. To mitigate this issue, check for folders that start with the same path as the ui-config folder.

Key dates

02Disclosure timeline

August 29, 2025 CVE published
August 29, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-0822 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter CVE-2024-47637 WordPress LiteSpeed Cache plugin <= 6.4.1 - Path Traversal vulnerability CVE-2025-11898 Flowring Technology|Agentflow - Arbitrary File Reading through Path Traversal CVE-2025-58429 AutomationDirect Productivity Suite Relative Path Traversal CVE-2023-6825 File Manager And File Manager Pro (Multiple Versions) - Directory Traversal