CVE-2025-55474: Zip Archive Unvalidated Pathinfo
Extracting path information from a ZipArchive entry using pathinfo() or dirname() without checking for directory traversal sequences ('..') can lead to Path Traversal or Zip Slip vulnerabilities if the extracted directories are used for local storage or file mappings. Discard ZIP entries that contain traversal sequences securely before utilizing directory st
greprules fetch cve-2025-55474-zip-archive-unvalidated-pathinfo --engine opengrep
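The check the description calls for, sketched in PHP as an added example (not part of the rule or of any project's code). The function names `entryIsSafe` and `safeEntryDirs` and the sample entry names are hypothetical and constructed for illustration.

```php
<?php
/** True when a ZIP entry name has no traversal, absolute-path or NUL tricks. */
function entryIsSafe(string $name): bool
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return false;
    }
    $normalized = str_replace('\\', '/', $name);
    // Absolute paths and Windows drive letters escape the extraction root.
    if ($normalized[0] === '/' || preg_match('/^[A-Za-z]:/', $normalized)) {
        return false;
    }
    // Reject a '..' path segment wherever it appears in the name.
    return !in_array('..', explode('/', $normalized), true);
}

/** Directory part of every safe entry; unsafe entries are discarded first. */
function safeEntryDirs(string $zipPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open $zipPath");
    }
    $dirs = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        // The flagged pattern is dirname($name)/pathinfo($name) with no check here.
        if ($name === false || !entryIsSafe($name)) {
            continue; // drop the entry before its path is used for anything
        }
        $dirs[pathinfo(str_replace('\\', '/', $name), PATHINFO_DIRNAME)] = true;
    }
    $zip->close();
    return array_keys($dirs);
}

// Constructed sample archive: one benign entry and two traversal entries.
$tmp = tempnam(sys_get_temp_dir(), 'zip');
$zip = new ZipArchive();
$zip->open($tmp, ZipArchive::OVERWRITE);
$zip->addFromString('docs/readme.txt', 'ok');
$zip->addFromString('../../outside.txt', 'x');
$zip->addFromString('docs/../../outside.txt', 'x');
$zip->close();
print_r(safeEntryDirs($tmp)); // only directories of entries that passed the check
unlink($tmp);
```

If the directory is later joined to a storage root, resolving the result with `realpath()` and confirming it still starts with that root adds a second layer against symlinked paths.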