Path Traversal Vulnerability in Progress Telerik UI for WinForms
CVE-2025-0332

9.8CRITICAL

Key Information:

Vendor: Progress Software
Status: Progress® Telerik® Ui For Winforms
Vendor: CVE Published:; 12 February 2025

Summary

A vulnerability exists in Progress Telerik UI for WinForms that arises from improper limitations of target paths. This issue can allow an attacker to decompress an archive's content into a restricted directory, potentially exposing sensitive information and compromising system integrity. Users of affected versions should update to 2025 Q1 (2025.1.211) to mitigate this risk.

Affected Version(s)

Progress® Telerik® UI for WinForms Windows 1.0.0

References

https://docs.telerik.com/devtools/winforms/knowledge-base...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Jan 8, 2025