CVE-2025-8054

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:opentext:xm_fax:24.2:*:*:*:*:*:*:*

History

27 Feb 2026, 23:54

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de Limitación Inadecuada de un Nombre de Ruta a un Directorio Restringido ('Salto de Ruta') en OpenText™ XM Fax permite el Salto de Ruta. La vulnerabilidad podría permitir a un atacante divulgar arbitrariamente el contenido de archivos en el sistema de archivos local. Este problema afecta a XM Fax: 24.2.
References	~~() https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038 -~~	() https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038 - Vendor Advisory
CPE		cpe:2.3:a:opentext:xm_fax:24.2:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Opentext Opentext xm Fax

19 Feb 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-19 23:16

Updated : 2026-02-27 23:54

NVD link : CVE-2025-8054

Mitre link : CVE-2025-8054

CVE.ORG link : CVE-2025-8054

JSON object : View

Products Affected

opentext

xm_fax

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2025-8054", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 7.1, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:A/V:D/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-19T23:16:15.290", "references": [{"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated&sysparm_article=KB0847038", "tags": ["Vendor Advisory"], "source": "security@opentext.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText\u2122 XM Fax allows Path Traversal.\u00a0\n\nThe vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem.\u00a0This issue affects XM Fax: 24.2."}, {"lang": "es", "value": "La vulnerabilidad de Limitaci\u00f3n Inadecuada de un Nombre de Ruta a un Directorio Restringido ('Salto de Ruta') en OpenText\u2122 XM Fax permite el Salto de Ruta. La vulnerabilidad podr\u00eda permitir a un atacante divulgar arbitrariamente el contenido de archivos en el sistema de archivos local. Este problema afecta a XM Fax: 24.2."}], "lastModified": "2026-02-27T23:54:16.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opentext:xm_fax:24.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FF67468-462A-49E1-90EA-35E20561AD4C"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}