How severe is CVE-2025-1599?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2025-1599?

This is classified as CWE-23, which is a common weakness in software security.

CVE-2025-1599 - MEDIUM Severity | CVSS 9.1

Vulnerability Description

A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/app/profile_crud.php. The manipulation of the argument old_cat_img leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2020-10619

CRITICAL

CVSS:9.1(Critical)

An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

CWE-232020

CVE-2020-4039

CRITICAL

CVSS:9.1(Critical)

SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Server before version d27ed0f has a directory traversal vulnerability due to insufficient input validation. Any admin config and file ...

CWE-232020

CVE-2020-8570

CRITICAL

CVSS:9.1(Critical)

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a malici...

CWE-232020

CVE-2021-24035

CRITICAL

CVSS:9.1(Critical)

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite Wha...

CWE-232021

CVE-2021-32825

CRITICAL

CVSS:9.1(Critical)

bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbo...

CWE-232021

CVE-2024-47051

CRITICAL

CVSS:9.1(Critical)

This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) vi...

CWE-232024