Vulnerability Details CVE-2025-30343
A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file or folder as a relative or absolute path (e.g., ../../../etc/passwd), the ZIP archive generated for download converts that title into a path. Depending on the extraction tool used by the user, this might overwrite files locally outside of the chosen directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.9%
CVSS Severity
CVSS v3 Score 3.0
Products affected by CVE-2025-30343
-
cpe:2.3:a:openslides:openslides:3.2
-
cpe:2.3:a:openslides:openslides:4.0.15
-
cpe:2.3:a:openslides:openslides:4.2.4