Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-55202
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-29 Aug, 2025 | 16:15
Updated At-03 Sep, 2025 | 16:09

Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the same path. This issue has been fixed in versions 17.7 and 18.1. To mitigate this issue, check for folders that start with the same path as the ui-config folder.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.02.7LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 2.7
Base severity: LOW
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
apereo
apereo
>>opencast>>Versions before 17.7(exclusive)
cpe:2.3:a:apereo:opencast:*:*:*:*:*:*:*:*
apereo
apereo
>>opencast>>18.0
cpe:2.3:a:apereo:opencast:18.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-23Primarysecurity-advisories@github.com
CWE ID: CWE-23
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/opencast/opencast/commit/e2cc65d6fbe052ebb71d9f6b583bb54b181af009security-advisories@github.com
Patch
https://github.com/opencast/opencast/pull/6979security-advisories@github.com
Patch
https://github.com/opencast/opencast/security/advisories/GHSA-hq8m-v68g-8cf8security-advisories@github.com
Third Party Advisory
Hyperlink: https://github.com/opencast/opencast/commit/e2cc65d6fbe052ebb71d9f6b583bb54b181af009
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/opencast/opencast/pull/6979
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/opencast/opencast/security/advisories/GHSA-hq8m-v68g-8cf8
Source: security-advisories@github.com
Resource:
Third Party Advisory
Change History
0Changes found
Details not found