A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. Using CWE to declare the problem leads to CWE-22. The weakness was presented 01/06/2023 as ea4f61e23ecb83247d174bc2e2cbab521c751a7d. The advisory is available at github.com. This vulnerability was named CVE-2019-25099. Access to the local network is required for this attack. Technical details are available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1006 by the MITRE ATT&CK project. It is declared as not defined. As 0-day the estimated underground price was around $0-$5k. The patch is identified as ea4f61e23ecb83247d174bc2e2cbab521c751a7d. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation has been published even before and not after the disclosure of the vulnerability.