CVE-2025-67083

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-67083

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67083.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-67083

Published

2026-01-15T15:15:51.313Z

Modified

2026-03-13T03:41:58.533471Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration.

References

Affected packages

Git / github.com/invoiceplane/invoiceplane

Affected ranges

Type

GIT

Repo

https://github.com/invoiceplane/invoiceplane

Events

Introduced

Fixed

add8bb798dde621f886823065ef1841986543c69

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.6.4"
        }
    ]
}

Affected versions

0.*

0.9beta

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.4.0

v1.4.1

v1.4.10

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4.8

v1.4.9

v1.5.0

v1.5.0-beta.1

v1.5.0-beta.2

v1.5.0-beta.3

v1.5.0-beta.4

v1.5.1

v1.5.10

v1.5.11

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.5.7

v1.5.8

v1.5.9

v1.6-beta

v1.6-beta-1

v1.6-beta-2

v1.6-beta-3

v1.6.0

v1.6.1

v1.6.1-alpha-1

v1.6.1-beta-1

v1.6.1-beta-2

v1.6.1-beta-3

v1.6.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67083.json"