CVE-2025-2305

Summary

A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server, from the Linux server.

Affected Software

VendorProductVersion RangeStatus
SYNCPILOTLIVE CONTRACT3 < 5.4.12affected
SYNCPILOTLIVE CONTRACT5.5 < 5.5.4affected
SYNCPILOTLIVE CONTRACT5.6 < 5.6.3affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References