CVE-2025-69601 — MEDIUM (6.5)

Vulnerability Description

A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences (e.g., ../) in ZIP entries to write files outside the intended extraction directory. This allows static files (html, js, css, images) file write to unintended locations, or overwriting existing HTML files, potentially leading to content defacement and, in certain deployments, further impact if sensitive files are overwritten.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Altumcode	66Biolinks	44.0.0

Related Weaknesses (CWE)

CWE-22

References

https://gist.github.com/Waqar-Arain/9cd59aa74de540eeb3b09d15bac35e36ExploitThird Party Advisory

FAQ

What is CVE-2025-69601?

CVE-2025-69601 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizi...

How severe is CVE-2025-69601?

CVE-2025-69601 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-69601?

Check the references section above for vendor advisories and patch information. Affected products include: Altumcode 66Biolinks.