CVE-2025-26357

Summary

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests.

Affected Software

VendorProductVersion RangeStatus
Q-FreeMaxTime0 <= 2.11.0affected

Weaknesses

  • CWE-35: CWE-35 Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References