A security vulnerability has been detected in kalcaddle kodbox 1.61. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| Link | Resource |
|---|---|
| https://github.com/August829/Yu/blob/main/58ead8e7e08bfb011.md | Broken Link |
| https://github.com/August829/Yu/blob/main/58ead8e7e08bfb012.md | Broken Link |
| https://vuldb.com/?ctiid.323502 | Permissions Required VDB Entry |
| https://vuldb.com/?id.323502 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.641755 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.641757 | Third Party Advisory VDB Entry |
Configurations
History
12 Sep 2025, 15:34
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:kodcloud:kodbox:1.61:*:*:*:*:*:*:* | |
| First Time |
Kodcloud
Kodcloud kodbox |
|
| References | () https://github.com/August829/Yu/blob/main/58ead8e7e08bfb011.md - Broken Link | |
| References | () https://github.com/August829/Yu/blob/main/58ead8e7e08bfb012.md - Broken Link | |
| References | () https://vuldb.com/?ctiid.323502 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.323502 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.641755 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.641757 - Third Party Advisory, VDB Entry |
10 Sep 2025, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-09-10 23:15
Updated : 2025-09-12 15:34
NVD link : CVE-2025-10233
Mitre link : CVE-2025-10233
CVE.ORG link : CVE-2025-10233
JSON object : View
Products Affected
kodcloud
- kodbox
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')