CVE-2025-10245

Summary

A security flaw has been discovered in Display Painéis TGA up to 7.1.41. Affected by this issue is some unknown functionality of the file /gallery/rename of the component Galeria Page. The manipulation of the argument current_folder results in path traversal. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
Display PainéisTGA7.1.0affected
Display PainéisTGA7.1.1affected
Display PainéisTGA7.1.2affected
Display PainéisTGA7.1.3affected
Display PainéisTGA7.1.4affected
Display PainéisTGA7.1.5affected
Display PainéisTGA7.1.6affected
Display PainéisTGA7.1.7affected
Display PainéisTGA7.1.8affected
Display PainéisTGA7.1.9affected
Display PainéisTGA7.1.10affected
Display PainéisTGA7.1.11affected
Display PainéisTGA7.1.12affected
Display PainéisTGA7.1.13affected
Display PainéisTGA7.1.14affected
Display PainéisTGA7.1.15affected
Display PainéisTGA7.1.16affected
Display PainéisTGA7.1.17affected
Display PainéisTGA7.1.18affected
Display PainéisTGA7.1.19affected
Display PainéisTGA7.1.20affected
Display PainéisTGA7.1.21affected
Display PainéisTGA7.1.22affected
Display PainéisTGA7.1.23affected
Display PainéisTGA7.1.24affected
Display PainéisTGA7.1.25affected
Display PainéisTGA7.1.26affected
Display PainéisTGA7.1.27affected
Display PainéisTGA7.1.28affected
Display PainéisTGA7.1.29affected
Display PainéisTGA7.1.30affected
Display PainéisTGA7.1.31affected
Display PainéisTGA7.1.32affected
Display PainéisTGA7.1.33affected
Display PainéisTGA7.1.34affected
Display PainéisTGA7.1.35affected
Display PainéisTGA7.1.36affected
Display PainéisTGA7.1.37affected
Display PainéisTGA7.1.38affected
Display PainéisTGA7.1.39affected
Display PainéisTGA7.1.40affected
Display PainéisTGA7.1.41affected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References