DEBIAN-CVE-2025-32807

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2025-32807

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-32807.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-32807

Upstream

CVE-2025-32807

Published

2025-04-11T00:15:27Z

Modified

2025-09-18T05:18:06Z

Summary

[none]

Details

A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.

References

https://security-tracker.debian.org/tracker/CVE-2025-32807

Affected packages

Debian:11 / fusiondirectory

Package

Name: fusiondirectory
Purl: pkg:deb/debian/fusiondirectory?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}