Medium
CVSS 5.1
Overview
Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary file with the privilege of Samsung Members.
CVE-2025-20949
Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allow...
Risk analysis
This vulnerability is rated 🟡 MEDIUM.
- CVSS: 5.1 (MEDIUM)
- Detected tags: arb_write, path (tag impact: MODERATE)
Recommended actions:
- Canonicalize path; block `..` traversal; use allowlists.