Back to search
CVE-2025-5993
Published: Sep 8, 2025
Modified: Sep 8, 2025
PUBLISHED
Description
ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process.
| Vendor | Product | Versions |
|---|---|---|
ITCube Software | ITCube CRM | affected 2023.2 - <= 2025.2 |
Weaknesses (CWE)
References
https://cert.pl/posts/2025/07/CVE-2025-5993
third-party-advisory
https://itcube.pl/modul-crm
product
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now