CVE-2025-10233

A security vulnerability has been detected in kalcaddle kodbox 1.61. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource
https://github.com/August829/Yu/blob/main/58ead8e7e08bfb011.md | Broken Link
https://github.com/August829/Yu/blob/main/58ead8e7e08bfb012.md | Broken Link
https://vuldb.com/?ctiid.323502 | Permissions Required, VDB Entry
https://vuldb.com/?id.323502 | Third Party Advisory, VDB Entry
https://vuldb.com/?submit.641755 | Third Party Advisory, VDB Entry
https://vuldb.com/?submit.641757 | Third Party Advisory, VDB Entry
Configurations

Configuration 1

cpe:2.3:a:kodcloud:kodbox:1.61:*:*:*:*:*:*:*

History

12 Sep 2025, 15:34

Type | Values Removed | Values Added
First Time | (none) | Kodcloud kodbox, Kodcloud
CPE | (none) | cpe:2.3:a:kodcloud:kodbox:1.61:*:*:*:*:*:*:*
References | https://github.com/August829/Yu/blob/main/58ead8e7e08bfb011.md | https://github.com/August829/Yu/blob/main/58ead8e7e08bfb011.md - Broken Link
References | https://github.com/August829/Yu/blob/main/58ead8e7e08bfb012.md | https://github.com/August829/Yu/blob/main/58ead8e7e08bfb012.md - Broken Link
References | https://vuldb.com/?ctiid.323502 | https://vuldb.com/?ctiid.323502 - Permissions Required, VDB Entry
References | https://vuldb.com/?id.323502 | https://vuldb.com/?id.323502 - Third Party Advisory, VDB Entry
References | https://vuldb.com/?submit.641755 | https://vuldb.com/?submit.641755 - Third Party Advisory, VDB Entry
References | https://vuldb.com/?submit.641757 | https://vuldb.com/?submit.641757 - Third Party Advisory, VDB Entry

10 Sep 2025, 23:15

Type | Values Removed | Values Added
New CVE | (none) | (none)

Information

Published : 2025-09-10 23:15

Updated : 2025-09-12 15:34


NVD link : CVE-2025-10233

Mitre link : CVE-2025-10233

CVE.ORG link : CVE-2025-10233



Products Affected

kodcloud

  • kodbox
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')