216.73.216.133

CVE-2025-11569

· Published 10/10/2025 05:15 · Modified 10/10/2025 05:15

Labels: CVE-2025-11569 2025-10-10CVE-2025-11569CWE-22[email protected]

Essential information

Published
10/10/2025 05:15
Modified
10/10/2025 05:15
Author
Creator
CVSS
7.7 HIGH (v3) 7.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync () functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
cross-zip / cross-zip cpe:2.3:a:cross-zip:cross-zip:*:*:*:*:*:*:*:*

References