CVE-2026-25575

Source
https://cve.org/CVERecord?id=CVE-2026-25575
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25575.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-25575
Aliases
  • GHSA-59hj-f48w-hjfm
Published
2026-02-04T21:54:38.258Z
Modified
2026-04-02T13:25:27.967471Z
Severity
  • 8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Summary
NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality
Details

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, a path traversal vulnerability in the propose_edits endpoint allows unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn). By supplying unsanitized file keys containing traversal sequences (e.g., ../../) in the JSON payload, an attacker can escape the intended temporary directory and replace public-facing images or fill the server's storage. This issue has been patched via commit 86f34c7.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25575.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-23",
        "CWE-26"
    ]
}
References

Affected packages

Git / github.com/tum-dev/navigatum

Affected ranges

Type
GIT
Repo
https://github.com/tum-dev/navigatum
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-25575.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2026-02-03"
            }
        ]
    }
]