Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-41428

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.

Published

2025-06-03T08:15:19.467

Last Modified

2025-06-04T14:54:33.783

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.0: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-22

Affected Vendors & Products

References

https://jvn.jp/en/jp/JVN37075430/ ([email protected])
https://www.keiyo-system.co.jp/archives/11310 ([email protected])