Path Traversal Vulnerability in reggie 1.0 by 1902756969
CVE-2025-0401

Currently unrated

Key Information:

Vendor
1902756969
Vendor
CVE Published:
13 January 2025

Badges

📈 Score: 778👾 Exploit Exists🟡 Public PoC

What is CVE-2025-0401?

CVE-2025-0401 represents a critical vulnerability in the reggie 1.0 software developed by vendor 1902756969. This software is typically utilized for handling various tasks related to application management, which makes it integral for many organizations. The vulnerability is categorized as a path traversal issue, which can be exploited remotely by attackers. If successfully executed, it can enable unauthorized file access, posing significant risks that can negatively impact the confidentiality and integrity of sensitive organizational data.

Technical Details

The vulnerability is located in the download function within the CommonController.java file of the reggie 1.0 application. It arises from improper handling of user-supplied input, specifically the manipulation of the argument name. This flaw can lead to path traversal attacks, where an attacker could gain access to the file system and read files outside of the intended directory, thereby compromising the application’s security framework.

Potential Impact of CVE-2025-0401

  1. Unauthorized Data Access: The primary impact of CVE-2025-0401 is the potential for unauthorized access to sensitive files on the server. This could lead to data breaches where attackers gain access to confidential information held by the organization.

  2. System Compromise: Exploitation of this vulnerability can lead to the overall compromise of the affected system. An attacker could not only access sensitive files but may also manipulate or delete critical data, leading to systemic operational issues.

  3. Increased Attack Surface: By allowing remote exploitation, this vulnerability broadens the attack surface for organizations using reggie 1.0. This can make it easier for malicious actors to automate attacks, potentially leading to cascading security incidents across interconnected systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

.