CVE-2025-27445

Summary

A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files

Affected Software

VendorProductVersion RangeStatus
rsjoomla.comRSFirewall component for Joomla2.9.7-3.1.5affected

Weaknesses

  • CWE-35: CWE-35: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References