Vulnerabilities

CVE-2025-66905

by Fred · 19/12/2025

The Takes web framework’s TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and read arbitrary files from the host system.

More information : https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66905_report.md

Similar

Tags: Cybersecurity Alert