CVE-2025-5993

Vulnerability Description

ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process.

Related Weaknesses (CWE)

CWE-22

References

https://cert.pl/posts/2025/07/CVE-2025-5993
https://itcube.pl/modul-crm

FAQ

What is CVE-2025-5993?

CVE-2025-5993 is a documented vulnerability. ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to...

How severe is CVE-2025-5993?

CVSS scoring is not yet available for CVE-2025-5993. Check NVD for updates.

Is there a patch for CVE-2025-5993?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.