Vulnerability Description
qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbit_manage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restore_config_from_backup endpoint. The vulnerability allows attackers to bypass directory restrictions and read arbitrary files from the server filesystem by manipulating the backup_id parameter with path traversal sequences (e.g., ../). This vulnerability is fixed in 4.5.4.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/StuffAnThings/qbit_manage/releases/tag/v4.5.4
- https://github.com/StuffAnThings/qbit_manage/security/advisories/GHSA-vh56-26wq-
FAQ
What is CVE-2025-55295?
CVE-2025-55295 is a vulnerability with a CVSS score of 6.5 (MEDIUM). qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbit_manage's web API that allows authenticated users to read arbitrary...
How severe is CVE-2025-55295?
CVE-2025-55295 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-55295?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.