CVE-2024-52885

Medium CVSS 5.0

Overview

The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway.

CWE: CWE-35 Published: 2025-08-06T15:15:31.287

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.0 (MEDIUM)
Detected tags: path (tag impact: MODERATE)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.

Overview

Recommended tools

Tags