CVE-2025-11569 in cross-zipinfo

Zusammenfassung

von MITRE • 10.10.2025

All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync () functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Snyk

Reservieren

09.10.2025

Veröffentlichung

10.10.2025

Moderieren

zurückgezogen

Eintrag

VDB-327822

CPE

bereit

CWE

CWE-22 (bestätigt)

CVSS

7.5 (CNA)

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-11569
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-11569
CVE Details	https://www.cvedetails.com/cve/CVE-2025-11569/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!