Vulnerabilities

CVE-2025-50735

by Fred · 03/11/2025

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints.

More information : https://github.com/ChatGPTNextWeb/NextChat/blob/main/app/api/webdav/%5B…path%5D/route.ts

Similar

Tags: Cybersecurity Alert