CVE-2025-55214: 
Python vulnerability analysis and mitigation

A Local File Inclusion vulnerability was discovered in dhtmlxFileExplorer v.8.4.6 that allows remote attackers to obtain sensitive information through the file download functionality. The vulnerability was disclosed on February 7, 2025, and was assigned identifier CVE-2024-55214. The vulnerability affects dhtmlxFileExplorer installations up to version 8.4.6 (MITRE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - 'Path Traversal'). This indicates that the vulnerability allows attackers with adjacent network access to exploit the flaw without requiring privileges or user interaction, potentially leading to high confidentiality impact (CISA-ADP).

The vulnerability allows attackers to obtain sensitive information through the file download functionality. The CVSS metrics indicate a high impact on confidentiality (C:H) while maintaining no impact on integrity (I:N) or availability (A:N) of the affected system (CISA-ADP).

Users should upgrade to a version newer than dhtmlxFileExplorer v.8.4.6. The vendor has released security updates to address this vulnerability (DHTMLX).