Vulnerability Details CVE-2025-26349
A CWE-23 "Relative Path Traversal" in the file upload mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite arbitrary files via crafted HTTP requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.5%
CVSS Severity
CVSS v3 Score 7.2