Vulnerability Details CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.1%
CVSS Severity
CVSS v3 Score 6.5
References
- https://github.com/simogeo/Filemanager
- https://github.com/simogeo/Filemanager/releases/tag/v1.7.0
- https://github.com/simogeo/Filemanager/releases/tag/v1.8.0
- https://github.com/simogeo/Filemanager/releases/tag/v2.0.0
- https://github.com/simogeo/Filemanager/releases/tag/v2.1.0
- https://github.com/simogeo/Filemanager/releases/tag/v2.2.0
- https://github.com/simogeo/Filemanager/releases/tag/v2.3.0
- https://github.com/zakumini/CVE-List/blob/main/CVE-2025-46002/CVE-2025-46002.md
- https://www.exploit-db.com/exploits/38945
Products affected by CVE-2025-46002
-
cpe:2.3:a:simogeo:filemanager:0.8
-
cpe:2.3:a:simogeo:filemanager:0.9
-
cpe:2.3:a:simogeo:filemanager:1.0
-
cpe:2.3:a:simogeo:filemanager:1.1
-
cpe:2.3:a:simogeo:filemanager:1.5.0
-
cpe:2.3:a:simogeo:filemanager:1.6.0
-
cpe:2.3:a:simogeo:filemanager:1.7.0
-
cpe:2.3:a:simogeo:filemanager:1.8.0
-
cpe:2.3:a:simogeo:filemanager:2.0.0