Path Traversal Vulnerability in DSpace Open Source Repository Software
CVE-2025-53622

5.2 MEDIUM

Key Information:

Vendor:
Dspace
Status:
Vendor
CVE Published:
15 July 2025

What is CVE-2025-53622?

DSpace is an open source digital repository application that provides durable access to digital resources. Versions prior to 7.6.4, 8.2, and 9.1 contain a path traversal vulnerability in the import of Simple Archive Format (SAF) packages. An attacker could craft a malicious SAF package whose 'contents' file references system files by relative paths, causing the import to read sensitive content or configuration files on the server that lie outside the archive. As a mitigation, administrators should examine any SAF archive obtained from an external source before importing it and confirm that its 'contents' file does not point to files outside the archive directory. Upgrading immediately is recommended; installations that cannot upgrade can apply a manual patch as a temporary measure.
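The check described above, as an added defensive example (not DSpace's own code): a small Python validator that rejects any entry in a SAF item's 'contents' file that would resolve outside the item directory. The 'contents' line layout (tab-separated, file name first, then options such as `bundle:ORIGINAL`) and the sample item are assumptions constructed for this example.

```python
"""Validate a DSpace SAF item's 'contents' file: flag any entry that would
resolve outside the item directory (the condition behind CVE-2025-53622).
Added example, not DSpace code."""
import os

def bitstream_name(line: str):
    """First tab-separated field of a 'contents' line (assumed SAF layout: file
    name, then options such as 'bundle:ORIGINAL'); None for blank/comment lines."""
    raw = line.rstrip("\r\n")
    if not raw.strip() or raw.lstrip().startswith("#"):
        return None
    return raw.split("\t", 1)[0].strip()

def escapes_item_dir(item_dir: str, name: str) -> bool:
    """True if 'name' would land outside item_dir. Pure path arithmetic, so it
    also catches entries that do not exist yet; backslashes are treated as
    separators to be conservative on every platform."""
    normalised = name.replace("\\", "/")
    if os.path.isabs(normalised) or normalised.startswith("/"):
        return True  # absolute paths are never valid SAF entries
    base = os.path.abspath(item_dir)
    target = os.path.abspath(os.path.join(base, normalised))
    try:  # component-wise comparison: 'item_0012' is not inside 'item_001'
        return os.path.commonpath([base, target]) != base
    except ValueError:  # e.g. different drives on Windows
        return True

def find_escaping_entries(item_dir: str, contents_lines) -> list:
    """Return the offending entries, in file order."""
    bad = []
    for line in contents_lines:
        name = bitstream_name(line)
        if name is not None and escapes_item_dir(item_dir, name):
            bad.append(name)
    return bad

def check_saf_item(item_dir: str) -> list:
    """Read <item_dir>/contents from disk and validate it."""
    with open(os.path.join(item_dir, "contents"), encoding="utf-8") as fh:
        return find_escaping_entries(item_dir, fh)

# Constructed sample 'contents' file for a hypothetical item directory.
SAMPLE_CONTENTS = [
    "thesis.pdf\tbundle:ORIGINAL\tdescription:Main text",
    "figures/fig1.png\tbundle:ORIGINAL",
    "notes/../license.txt\tbundle:LICENSE",     # normalises to inside the item
    "../../../../etc/passwd\tbundle:ORIGINAL",  # climbs out of the item
    "/etc/shadow",                              # absolute path
    "# a comment line",
]
```

Run `check_saf_item(path)` over every item directory of an archive before importing it; a non-empty result means the package should be rejected.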

Affected Version(s)

DSpace < 7.6.4 (fixed in 7.6.4)

DSpace >= 8.0, < 8.2 (fixed in 8.2)

DSpace >= 9.0, < 9.1 (fixed in 9.1)

CVSS V3.1

Score:
5.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
