Platform
other
Component
im-server
Fixed in
1.4.4
CVE-2025-66480 is a critical directory traversal vulnerability affecting Wildfire IM Server versions up to and including 1.4.3. The flaw resides in the file upload functionality: the filename supplied by the client is not sufficiently sanitized before it is used to build a path on the server, so an attacker can reach files outside the intended upload directory. A fix is available in version 1.4.4.
The directory traversal in Wildfire IM Server lets an attacker bypass the intended file access restrictions of the upload handler. By supplying a filename containing traversal sequences (for example ../), an attacker can make the upload process operate on a path outside the configured upload directory rather than on a file within it. This can expose sensitive configuration files, source code, or system files, giving an attacker a detailed view of the server's layout and a foothold for further escalation. The impact is comparable to directory traversal flaws seen in other applications, where attackers have used the same technique to gain unauthorized access to critical system resources.
CVE-2025-66480 has been publicly disclosed on 2026-02-02. The vulnerability's severity is rated as CRITICAL (CVSS 9.8). Currently, there are no known public proof-of-concept exploits available, but the ease of exploitation makes it a potential target for opportunistic attackers. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.25% (48th percentile)
The primary mitigation for CVE-2025-66480 is to upgrade Wildfire IM Server to version 1.4.4 or later immediately. If upgrading is not immediately feasible, apply temporary workarounds: restrict file upload access to trusted users only, enforce strict server-side filename validation, and configure a Web Application Firewall (WAF) to block requests whose filenames contain traversal sequences (including percent-encoded forms such as %2e%2e%2f). Prefer rejecting a filename that contains a path separator or traversal sequence over stripping the sequence out: a single-pass strip turns a filename such as "....//" into "../", so sanitization by removal can be bypassed. Regularly monitor file system access logs for unusual activity. After upgrading, verify the fix on a non-production instance by uploading a file with a traversal filename (for example ../../../../etc/passwd) and confirming that the request is rejected, or at least that nothing is created or read outside the upload directory.
Update Wildfire IM Server to version 1.4.4 or higher. This version contains the fix for the directory traversal in the upload filename handling. Closing the traversal also removes the most dangerous outcome of an arbitrary file upload, since a file written outside the upload directory to a location the server executes or trusts can lead to Remote Code Execution (RCE).
CVE-2025-66480 is a critical vulnerability in Wildfire IM Server versions up to and including 1.4.3 that allows attackers to reach files outside the upload directory by supplying a traversal filename during file upload.
You are affected if you are running Wildfire IM Server version 1.4.3 or earlier and have not yet upgraded.
Upgrade Wildfire IM Server to version 1.4.4 or later. As a temporary workaround, restrict file upload access and enforce strict server-side filename validation that rejects path separators and traversal sequences.
While no public exploits are currently known, the ease of exploitation makes it a potential target for attackers.
Refer to the vendor's security advisory for Wildfire IM Server, which should be available on their official website or security mailing list.