CVE-2025-67076

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read.

Vulnerability Details

Published Date

January 15, 2026

Last Modified

January 21, 2026

CWE ID

CWE-22

Source

NVD

Vendor

agora-project

Product

agora-project

External References

https://www.agora-project.net
https://www.helx.io/blog/advisory-agora-project/

CVE-2025-67076

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment