Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-62498

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-23 Oct, 2025 | 21:46
Updated At-24 Oct, 2025 | 14:34
Rejected At-
Credits

AutomationDirect Productivity Suite Relative Path Traversal

A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:23 Oct, 2025 | 21:46
Updated At:24 Oct, 2025 | 14:34
Rejected At:
▼CVE Numbering Authority (CNA)
AutomationDirect Productivity Suite Relative Path Traversal

A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.

Affected Products
Vendor
AutomationDirectAutomationDirect
Product
Productivity Suite
Default Status
unaffected
Versions
Affected
  • From 0 through SW V4.2.1.9 (custom)
Vendor
AutomationDirectAutomationDirect
Product
Productivity 3000 P3-622 CPU
Default Status
unaffected
Versions
Affected
  • From 0 through SW V4.2.1.9 (custom)
Vendor
AutomationDirectAutomationDirect
Product
Productivity 3000 P3-550E CPU
Default Status
unaffected
Versions
Affected
  • From 0 through SW V4.2.1.9 (custom)
Vendor
AutomationDirectAutomationDirect
Product
Productivity 3000 P3-530 CPU
Default Status
unaffected
Versions
Affected
  • From 0 through SW v4.4.1.19 (custom)
Vendor
AutomationDirectAutomationDirect
Product
Productivity 2000 P2-622 CPU
Default Status
unaffected
Versions
Affected
  • From 0 through SW v4.4.1.19 (custom)
Vendor
AutomationDirectAutomationDirect
Product
Productivity 2000 P2-550 CPU
Default Status
unaffected
Versions
Affected
  • From 0 through SW v4.4.1.19 (custom)
Vendor
AutomationDirectAutomationDirect
Product
Productivity 1000 P1-550 CPU
Default Status
unaffected
Versions
Affected
  • From 0 through SW v4.4.1.19 (custom)
Vendor
AutomationDirectAutomationDirect
Product
Productivity 1000 P1-540 CPU
Default Status
unaffected
Versions
Affected
  • From 0 before SW v4.4.1.19 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-23CWE-23
Type: CWE
CWE ID: CWE-23
Description: CWE-23
Metrics
VersionBase scoreBase severityVector
4.08.6HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

AutomationDirect recommends that users do the following: * Update the Productivity Suite programming software to version 4.5.0.x or higher. * Update the firmware of Productivity PLCs to the latest version. https://www.automationdirect.com/support/software-downloads * Although automation networks and systems come equipped with built-in password protection mechanisms, this represents a fraction of the security measures needed to safeguard these systems. * It is imperative that automation control system networks integrate data protection and security measures that match, if not exceed, the robustness of conventional business computer systems. * AutomationDirect advises users of PLCs, HMI products, and SCADA systems to conduct a thorough network security analysis to ascertain the appropriate level of security necessary for their specific application.

Configurations
Workarounds

AutomationDirect has identified the following mitigations for instances where systems cannot be upgraded to the latest version: * Physically disconnect the PLC from any external networks, including the internet, local area networks (LANs), and other interconnected systems. * Configure network segmentation to isolate the PLC from other devices and systems within the organization. * Implement firewall rules or network access control (NAC) policies to block incoming and outgoing traffic to the PLC. * Please refer to AutomationDirect's security considerations https://support.automationdirect.com/docs/securityconsiderations.pdf  for additional information. * If you have any questions regarding this issue, please contact AutomationDirect Technical Support at 770-844-4200 or 800-633-0405 for further assistance.

Exploits
Credits
finder
Luca Borzacchiello of Nozomi Networks reported these vulnerabilities to AutomationDirect.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01
N/A
https://www.automationdirect.com/support/software-downloads
N/A
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01
Resource: N/A
Hyperlink: https://www.automationdirect.com/support/software-downloads
Resource: N/A
Hyperlink: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:23 Oct, 2025 | 22:15
Updated At:27 Oct, 2025 | 13:20

A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.6HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-23Primaryics-cert@hq.dhs.gov
CWE ID: CWE-23
Type: Primary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.jsonics-cert@hq.dhs.gov
N/A
https://www.automationdirect.com/support/software-downloadsics-cert@hq.dhs.gov
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01ics-cert@hq.dhs.gov
N/A
Hyperlink: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-296-01.json
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://www.automationdirect.com/support/software-downloads
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01
Source: ics-cert@hq.dhs.gov
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

11Records found
CVE-2025-60023
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.25%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 22:21
Updated-27 Oct, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AutomationDirect Productivity Suite Relative Path Traversal

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.

Action-Not Available
Vendor-AutomationDirect
Product-Productivity 3000 P3-530 CPUProductivity 1000 P1-540 CPUProductivity 2000 P2-622 CPUProductivity 3000 P3-550E CPUProductivity 1000 P1-550 CPUProductivity SuiteProductivity 3000 P3-622 CPUProductivity 2000 P2-550 CPU
CWE ID-CWE-23
Relative Path Traversal
CVE-2025-59776
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 30.25%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 22:17
Updated-27 Oct, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AutomationDirect Productivity Suite Relative Path Traversal

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.

Action-Not Available
Vendor-AutomationDirect
Product-Productivity 3000 P3-530 CPUProductivity 1000 P1-540 CPUProductivity 2000 P2-622 CPUProductivity 3000 P3-550E CPUProductivity 1000 P1-550 CPUProductivity SuiteProductivity 3000 P3-622 CPUProductivity 2000 P2-550 CPU
CWE ID-CWE-23
Relative Path Traversal
CVE-2025-58429
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.3||HIGH
EPSS-1.22% / 78.92%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 22:12
Updated-27 Oct, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AutomationDirect Productivity Suite Relative Path Traversal

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine.

Action-Not Available
Vendor-AutomationDirect
Product-Productivity 3000 P3-530 CPUProductivity 1000 P1-540 CPUProductivity 2000 P2-622 CPUProductivity 3000 P3-550E CPUProductivity 1000 P1-550 CPUProductivity SuiteProductivity 3000 P3-622 CPUProductivity 2000 P2-550 CPU
CWE ID-CWE-23
Relative Path Traversal
CVE-2025-58456
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.2||HIGH
EPSS-0.10% / 27.02%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 22:05
Updated-27 Oct, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AutomationDirect Productivity Suite Relative Path Traversal

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine.

Action-Not Available
Vendor-AutomationDirect
Product-Productivity 3000 P3-530 CPUProductivity 1000 P1-540 CPUProductivity 2000 P2-622 CPUProductivity 3000 P3-550E CPUProductivity 1000 P1-550 CPUProductivity SuiteProductivity 3000 P3-622 CPUProductivity 2000 P2-550 CPU
CWE ID-CWE-23
Relative Path Traversal
CVE-2025-58078
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.3||HIGH
EPSS-0.38% / 58.92%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 22:09
Updated-27 Oct, 2025 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AutomationDirect Productivity Suite Relative Path Traversal

A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine.

Action-Not Available
Vendor-AutomationDirect
Product-Productivity 3000 P3-530 CPUProductivity 1000 P1-540 CPUProductivity 2000 P2-622 CPUProductivity 3000 P3-550E CPUProductivity 1000 P1-550 CPUProductivity SuiteProductivity 3000 P3-622 CPUProductivity 2000 P2-550 CPU
CWE ID-CWE-23
Relative Path Traversal
CVE-2026-25951
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.03% / 9.23%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 22:24
Updated-13 Feb, 2026 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FUXA has a Path Traversal Sanitization Bypass

FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, there is a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences (e.g., ....//), an attacker can write arbitrary files to the server filesystem, including sensitive directories like runtime/scripts. This leads to Remote Code Execution (RCE) when the server reloads the malicious scripts. This vulnerability is fixed in 1.2.11.

Action-Not Available
Vendor-frangoteamfrangoteam
Product-fuxaFUXA
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-23
Relative Path Traversal
CVE-2020-8254
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.8||HIGH
EPSS-1.56% / 81.26%
||
7 Day CHG-0.88%
Published-28 Oct, 2020 | 12:46
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC.

Action-Not Available
Vendor-n/aPulse Secure
Product-pulse_secure_desktop_clientPulse Secure Desktop Client
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-48817
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.06% / 18.46%
||
7 Day CHG+0.01%
Published-08 Jul, 2025 | 16:57
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Client Remote Code Execution Vulnerability

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2remote_desktop_clientwindows_server_2022windows_10_1607windows_11_23h2windows_server_2016windows_10_1507windows_server_2025windows_server_2012windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_appwindows_10_1809windows_server_2008windows_11_22h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Remote Desktop client for Windows DesktopWindows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows App Client for Windows DesktopWindows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2016Windows 10 Version 1809
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-284
Improper Access Control
CVE-2024-35186
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.43% / 62.56%
||
7 Day CHG~0.00%
Published-23 May, 2024 | 08:55
Updated-02 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
gix traversal outside working tree enables arbitrary code execution

gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of confidentiality, integrity, and availability, but creating files outside a working tree without attempting to execute code can directly impact integrity as well. This vulnerability has been patched in version(s) 0.36.0.

Action-Not Available
Vendor-Byronbyron
Product-gitoxidegitoxide
CWE ID-CWE-23
Relative Path Traversal
CVE-2022-23732
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
CVSS Score-8.8||HIGH
EPSS-0.53% / 67.18%
||
7 Day CHG+0.06%
Published-05 Apr, 2022 | 00:10
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections

A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program.

Action-Not Available
Vendor-GitHub, Inc.
Product-enterprise_serverGitHub Enterprise Server
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2025-26645
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.31% / 54.08%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-13 Feb, 2026 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Client Remote Code Execution Vulnerability

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2remote_desktop_clientwindows_10_21h2windows_server_2022windows_10_1607windows_server_2019windows_server_2008windows_server_2016windows_server_2022_23h2windows_server_2025windows_10_1507windows_11_23h2windows_appwindows_11_22h2windows_10_22h2windows_10_1809Windows Server 2025Remote Desktop client for Windows DesktopWindows Server 2008 R2 Service Pack 1Windows 11 Version 23H2Windows Server 2012 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2019Windows App Client for Windows DesktopWindows Server 2022Windows 10 Version 1607Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 11 version 22H2Windows Server 2012 R2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-23
Relative Path Traversal
CWE ID-CWE-284
Improper Access Control
Details not found