CVE-2025-32807

Published: 2025-04-11T00:15Z

Last Modified: 2025-04-11T00:15Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt