SecuriTricks - CVE-2025-13199

Description

A vulnerability was found in code-projects Email Logging Interface 2.0. Affected is an unknown function of the file signup.cpp. The manipulation of the argument Username results in path traversal: '../filedir'. The attack is only possible with local access. The exploit has been made public and could be used.

Product(s) Impacted

Vendor	Product	Versions
Fabian	Email Logging Interface	2.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-23

Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	fabian	email_logging_interface	2.0	/	/	/	/	/	/	/

References

https://code-projects.org/

https://github.com/asd1238525/cve/blob/main/Dir1c.md

https://github.com/asd1238525/cve/blob/main/Dir1c.md#poc

https://vuldb.com/?ctiid.332497

https://vuldb.com/?id.332497

https://vuldb.com/?submit.685549

CVSS Score

4.8 / 10

CVSS Data - 4.0

Attack Vector: LOCAL
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: LOW
User Interaction: NONE
Scope:
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
Exploit Maturity: PROOF_OF_CONCEPT

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: Nov. 15, 2025, 11:15 a.m.
Last Modified: Nov. 19, 2025, 7:41 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

cna@vuldb.com

CVE-2025-13199