PT-2025-02: Access to files or directories to external paties in TCPDF

MEDIUM

(6.9) CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

THREATSCAPE

Analytics articles

What are the security threats on your network?

Check your traffic-for free

Request pilot

Vulnerability type:
CWE-552:Files or Directories Accessible to External Parties

Vulnerability vector:

Base vulnerability score (CVSSv3.1): CVSS:3.1/ AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity (CVSSv3.1): 5.7 (medium)
Base vulnerability score (CVSSv4.0): CVSS:4.0/ AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Severity (CVSSv4.0): 6.9 (mdium)

Description:

The vulnerability was identified in TCPDF, version 6.8.0.

The discovered vulnerability allows an attacker to transmit a specially created HTML file containing an image in Base64 format. Using the specified payload, the attacker can access an arbitrary image outside of the directory.

Vulnerability status: Confirmed by vendor

Date of vulnerability remediation: 26.01.2025

Recommendations:

Update to version 6.8.2 or higher

Researcher: Vladimir Razov (Positive Technologies)

Identifier:

BDU:2025-02153

Vendor:

Tecnick.com LTD

Vulnerable product:

TCPDF

Vulnerable version:

6.8.0

Get in touch

Fill in the form and our specialists
will contact you shortly

General
questions

We're happy to answer any questions you may have.

Partnership

Join us in making the world a safer place.

Request a pilot

Test drive our solutions with a customized pilot program.

PT-2025-02: Access to files or directories to external paties in TCPDF

Analytics articles

What are the security threats on your network?

Vulnerability type:CWE-552:Files or Directories Accessible to External Parties

Get in touch

Vulnerability type:
CWE-552:Files or Directories Accessible to External Parties