Vulnerability DatabaseCVE-2019-25097

CVE-2019-25097:
Linux Ubuntu vulnerability analysis and mitigation

Overview

A critical path traversal vulnerability was identified in soerennb eXtplorer versions up to 2.1.12, affecting the Directory Content Handler component. The vulnerability was assigned CVE-2019-25097 and was disclosed on January 5, 2023. The issue impacts the directory content handling functionality of the application (NVD).

Technical details

The vulnerability has been assessed with a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - 'Path Traversal'). The vulnerability allows manipulation of path traversal in the Directory Content Handler component (NVD).

Impact

The vulnerability could allow attackers to perform path traversal attacks, potentially accessing files and directories outside of the intended directory structure. This could lead to unauthorized access to sensitive files and potential system compromise (Github Patch).

Mitigation and workarounds

The vulnerability has been fixed in version 2.1.13 of eXtplorer. Users are recommended to upgrade to this version to address the security issues. The fix is implemented through patch b8fcb888f4ff5e171c16797a4b075c6c6f50bf46 (Github Release, Github Patch).

Additional resources

Source: This report was generated using AI

Related Linux Ubuntu vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-24528	HIGH	7.1	Kerberos	krb5-pkinit-openssl	No	Yes	Jan 16, 2026
CVE-2025-24531	MEDIUM	6.7	Linux Debian	pam-pkcs11	No	Yes	Jan 16, 2026
CVE-2025-43904	MEDIUM	4.2	Linux Debian	libnss_slurm2_24_11	No	Yes	Jan 16, 2026
CVE-2025-71144	N/A	N/A	Linux Debian	linux	No	Yes	Jan 14, 2026
CVE-2025-71143	N/A	N/A	Linux Debian	linux-aws	No	No	Jan 14, 2026