What is CVE-2025-55202 — Path Traversal in OpenCast UI Configuration?

CVE-2025-55202 is a Path Traversal vulnerability affecting OpenCast UI Configuration versions up to 9.9, allowing potential access to files in adjacent directories under specific conditions.

Am I affected by CVE-2025-55202 in OpenCast UI Configuration?

You are affected if you are using OpenCast UI Configuration version 9.9 or earlier. Upgrade to version 17.7 to mitigate the vulnerability.

How do I fix CVE-2025-55202 in OpenCast UI Configuration?

Upgrade OpenCast UI Configuration to version 17.7 or later. As a temporary workaround, restrict file permissions on the UI configuration directory and its adjacent directories.

Is CVE-2025-55202 being actively exploited?

There is currently no evidence of active exploitation of CVE-2025-55202, and no public proof-of-concept exploits are known.

Where can I find the official OpenCast advisory for CVE-2025-55202?

Refer to the OpenCast project's security advisories and release notes for details on CVE-2025-55202 and the corresponding fix: [https://opencastproject.org/security/](https://opencastproject.org/security/)

CVE-2025-55202 — Vulnerability Details

NEXTGUARD

Gratis scannen

CVE-2025-55202 — Vulnerability Details | NextGuard

Detectiestappenwordt vertaald…

• linux / server:

find /etc/opencast/ui-config/ -type f -perm -o -r -print0 | xargs -0 ls -l | grep -i 'ui-config-hidden'

• java / server: Monitor OpenCast application logs for unusual file access attempts or errors related to path traversal. Look for patterns indicating attempts to access files outside the expected configuration directory. • generic web: Examine web server access logs for requests targeting the UI configuration endpoint with unusual path parameters. Look for attempts to manipulate the path to access files outside the intended directory.

Opencast heeft een gedeeltelijke path traversal kwetsbaarheid in UI config

Impact en Aanvalsscenarios

Uitbuitingscontext

Wie Loopt Risicowordt vertaald…

Detectiestappenwordt vertaald…

Aanvalstijdlijn

Dreigingsinformatie

Getroffen Software

Zwakheidsclassificatie (CWE)

Tijdlijn

Mitigatie en Workarounds

Hoe te verhelpen

CVE Beveiligingsnieuwsbrief

Veelgestelde vragenwordt vertaald…

What is CVE-2025-55202 — Path Traversal in OpenCast UI Configuration?

Am I affected by CVE-2025-55202 in OpenCast UI Configuration?

How do I fix CVE-2025-55202 in OpenCast UI Configuration?

Is CVE-2025-55202 being actively exploited?

Where can I find the official OpenCast advisory for CVE-2025-55202?

Is jouw project getroffen?

Detecteer deze CVE in je project