vulnerability
Apache OFBiz: CVE-2024-25065: Path Traversal vulnerability.
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:C/A:N) | Feb 28, 2024 | Dec 23, 2024 | Nov 28, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published
Feb 28, 2024
Added
Dec 23, 2024
Modified
Nov 28, 2025
Description
Possible path traversal in apache ofbiz allowing authentication bypass. users are recommended to upgrade to version 18.12.12, that fixes the issue.
Solution
apache-ofbiz-upgrade-latest
References
- CWE-22
- CVE-2024-25065
- https://attackerkb.com/topics/CVE-2024-25065
- URL-http://www.openwall.com/lists/oss-security/2024/02/28/10
- URL-https://issues.apache.org/jira/browse/OFBIZ-12887
- URL-https://lists.apache.org/thread/rplfjp7ppn9ro49oo7jsrpj99m113lfc
- URL-https://ofbiz.apache.org/download.html
- URL-https://ofbiz.apache.org/release-notes-18.12.12.html
- URL-https://ofbiz.apache.org/security.html
- URL-https://github.com/apache/ofbiz-framework/commit/b91a9b7f26
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.