CVE-2025-55295 in qbit_manageinfo

Summary

by MITRE • 08/19/2025

qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbit_manage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restore_config_from_backup endpoint. The vulnerability allows attackers to bypass directory restrictions and read arbitrary files from the server filesystem by manipulating the backup_id parameter with path traversal sequences (e.g., ../). This vulnerability is fixed in 4.5.4.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 08/19/2025

The qbit_manage tool serves as an automated management solution for qbittorrent clients, providing users with enhanced control over their torrent operations through a web-based interface. This tool facilitates tasks such as backup management, automated downloads, and configuration handling, making it an integral component for users who rely on automated torrent management workflows. The web API exposed by qbit_manage enables remote interaction with these features, creating a surface area for potential security exploitation.

The vulnerability manifests within the restore_config_from_backup endpoint of qbit_manage's web API, where insufficient input validation allows authenticated users to manipulate the backup_id parameter through path traversal sequences. This flaw specifically affects the file system access controls implemented by the application, enabling attackers to bypass directory restrictions that should normally prevent access to arbitrary files on the server. The vulnerability is particularly concerning as it requires only authentication to exploit, meaning that any user with valid credentials can potentially access sensitive files that should remain protected.

The technical implementation of this path traversal vulnerability stems from improper sanitization of user-supplied input within the backup_id parameter handling. When attackers supply malicious input containing sequences such as ../ or similar path traversal patterns, the application fails to properly validate or sanitize these inputs before using them to construct file system paths. This allows the application to interpret the traversal sequences as legitimate path navigation commands rather than malicious input, resulting in unauthorized file access. The vulnerability is classified as a directory traversal attack pattern that directly violates security controls designed to maintain file system isolation.

The operational impact of this vulnerability extends beyond simple file reading capabilities, as it could potentially expose sensitive configuration files, user credentials, system logs, or other confidential data stored on the server. Attackers could leverage this vulnerability to gain insights into the system's configuration, potentially identifying other security weaknesses or gathering information for further exploitation. The authenticated nature of the attack means that the vulnerability could be exploited by insiders or compromised accounts, making it particularly dangerous in environments where multiple users have access to the system. This type of vulnerability aligns with CWE-22 Path Traversal and follows attack patterns documented in the ATT&CK framework under T1083 File and Directory Discovery and T1566 Credential Access.

Mitigation strategies for this vulnerability should focus on implementing robust input validation and sanitization mechanisms within the web API endpoints. The application must properly validate all user-supplied input, particularly parameters used in file system operations, by implementing strict whitelisting of acceptable values or comprehensive sanitization routines. The fix implemented in version 4.5.4 demonstrates the importance of proper parameter validation and directory traversal prevention techniques. Organizations should also implement principle of least privilege access controls, ensuring that only necessary users have access to the web API endpoints. Additionally, regular security auditing of web applications, including code reviews focused on input validation and file system access patterns, can help identify similar vulnerabilities before they can be exploited. Network segmentation and monitoring of API access patterns can provide additional layers of defense against exploitation attempts.

Responsible

GitHub M

Reservation

08/12/2025

Disclosure

08/19/2025

Moderation

accepted

CPE

ready

EPSS

0.00458

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!