VDB
CVE-2025-49466
CVE-2025-49466
PUBLISHED
CVSS 5.800000190734863 MEDIUM
aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,
EPSS 1.12% · 78.5th percentile
Risk Scores
CVSS v3.1
5.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score
1.12%
78.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| rjarry | aerc | 0 |
Timeline
- Jun 5, 2025 CVE Published
- Jun 5, 2025 EPSS Score
- Jun 5, 2025 PoC Published
- Jun 5, 2025 CVE Updated
- Jun 16, 2025 EPSS Score
- Jun 26, 2025 EPSS Score
- Jul 7, 2025 EPSS Score
- Jul 17, 2025 EPSS Score
- Jul 28, 2025 EPSS Score
- Aug 8, 2025 EPSS Score
- Aug 18, 2025 EPSS Score
- Aug 29, 2025 EPSS Score