Directory Traversal Vulnerability in Allegra DatabaseBackupBL by Allegra
CVE-2025-11466

4.9MEDIUM

Key Information:

Vendor: Allegra
Status: Allegra
Vendor: CVE Published:; 29 October 2025

🔔 Create Allegra Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2025-11466?

The Directory Traversal vulnerability in Allegra's DatabaseBackupBL allows authenticated remote attackers to exploit the flawed validation of user-supplied paths. This oversight enables them to traverse directories and disclose sensitive information related to the service account. Proper security measures and updating to the latest software versions are crucial to mitigate this risk.

Affected Version(s)

Allegra 8.1.3.32

News Articles

systemtek.co.uk

Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability (CVE-2025-11466)

- This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra.

thmubnail image

References

https://www.zerodayinitiative.com/advisories/ZDI-25-951/

x_research-advisory

https://alltena.com/en/resources/release-notes/release-no...

vendor-advisory

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.0

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2025
📰
First article discovered by systemtek.co.uk
Oct 9, 2025
Vulnerability Reserved
Oct 7, 2025

CVE-2025-11466 Data

.