CVE-2025-32807
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-32807
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32807.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-32807
- Related
- Published
- 2025-04-11T00:15:27Z
- Modified
- 2025-04-11T22:57:54.302252Z
- Summary
- [none]
- Details
-
A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.
- References
-
- https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/blob/e9304844fb5c8ce4a9af9e26858af5e22e15b9bd/Changelog.md?plain=1#L112
- https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/blob/e9304844fb5c8ce4a9af9e26858af5e22e15b9bd/include/class_IconTheme.inc#L233-237
- https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/commit/9edefd0b367450d665a141c5e94db8a06d208556
- https://security-tracker.debian.org/tracker/CVE-2025-32807
Affected packages
Debian:11 / fusiondirectory
Package
- Name
- fusiondirectory
- Purl
- pkg:deb/debian/fusiondirectory?arch=source
Git / gitlab.fusiondirectory.org/fusiondirectory/fd
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.fusiondirectory.org/fusiondirectory/fd
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
fusiondirectory-1.*
fusiondirectory-1.0
fusiondirectory-1.0.1
fusiondirectory-1.0.10
fusiondirectory-1.0.11
fusiondirectory-1.0.12
fusiondirectory-1.0.13
fusiondirectory-1.0.14
fusiondirectory-1.0.15
fusiondirectory-1.0.16
fusiondirectory-1.0.17
fusiondirectory-1.0.18
fusiondirectory-1.0.19
fusiondirectory-1.0.2
fusiondirectory-1.0.20
fusiondirectory-1.0.3
fusiondirectory-1.0.4
fusiondirectory-1.0.5
fusiondirectory-1.0.6
fusiondirectory-1.0.7
fusiondirectory-1.0.7.1
fusiondirectory-1.0.7.2
fusiondirectory-1.0.7.3
fusiondirectory-1.0.7.4
fusiondirectory-1.0.8
fusiondirectory-1.0.8.1
fusiondirectory-1.0.8.2
fusiondirectory-1.0.8.3
fusiondirectory-1.0.8.4
fusiondirectory-1.0.8.5
fusiondirectory-1.0.8.6
fusiondirectory-1.0.8.7
fusiondirectory-1.0.8.8
fusiondirectory-1.0.8.9
fusiondirectory-1.0.9
fusiondirectory-1.0.9.1
fusiondirectory-1.0.9.2
fusiondirectory-1.0.9.3
fusiondirectory-1.1
fusiondirectory-1.1.1
fusiondirectory-1.2
fusiondirectory-1.2.1
fusiondirectory-1.2.2
fusiondirectory-1.2.3
fusiondirectory-1.3
fusiondirectory-1.3.1
fusiondirectory-1.4