CVE-2025-29865

Summary

: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TAGFREE X-Free Uploader XFU allows Path Traversal.This issue affects X-Free Uploader: from 1.0.1.0084 before 1.0.1.0085, from 2.0.1.0034 before 2.0.1.0035.

Affected Software

VendorProductVersion RangeStatus
TAGFREEX-Free Uploader1.0.1.0084 < 1.0.1.0085affected
TAGFREEX-Free Uploader2.0.1.0034 < 2.0.1.0035affected

Weaknesses

  • CWE-22: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References