Path Traversal Vulnerability in DVDFab 12 Player
CVE-2022-25216
7.5 HIGH
What is CVE-2022-25216?
DVDFab 12 Player, also known as PlayerFab, contains an absolute path traversal flaw that remote attackers can exploit. By sending a crafted HTTP GET request to the server, an attacker can retrieve any file that the user account running the application has permission to read. This poses a significant risk because it can expose sensitive files from the Windows file system to unauthorized users.
Affected Version(s)
DVDFab 12 Player / PlayerFab 6.2.1.0 - 7.0.0.5
EPSS Score
76% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
