CVE-2025-49466

Summary

aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,

Affected Software

VendorProductVersion RangeStatus
rjarryaerc0 < 93bec0de8ed5ab3d6b1f01026fe2ef20fa154329affected

Weaknesses

  • CWE-23: CWE-23 Relative Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References