CVE-2025-31411: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in aribhour Linet ERP-Woocommerce Integration
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through <= 3.5.12.
AI Analysis
Technical Summary
The vulnerability CVE-2025-31411 in aribhour Linet ERP-Woocommerce Integration is a path traversal issue that allows an attacker with high privileges to bypass directory restrictions and access files outside the intended directory. This affects versions up to 3.5.12. The CVSS v3.1 base score is 5.9 (medium severity), reflecting network attack vector, high attack complexity, required privileges, no user interaction, and high impact on confidentiality and integrity but no impact on availability. No patch or official fix has been documented yet.
Potential Impact
Successful exploitation could lead to unauthorized disclosure and modification of sensitive files outside the restricted directory, potentially compromising system confidentiality and integrity. Availability is not impacted. The attack requires high privileges, limiting the scope of potential attackers.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected plugin and limit high privilege accounts to trusted users only. Monitor for updates from the vendor or security advisories regarding patches or workarounds.
CVE-2025-31411: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in aribhour Linet ERP-Woocommerce Integration
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in aribhour Linet ERP-Woocommerce Integration linet-erp-woocommerce-integration allows Path Traversal.This issue affects Linet ERP-Woocommerce Integration: from n/a through <= 3.5.12.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2025-31411 in aribhour Linet ERP-Woocommerce Integration is a path traversal issue that allows an attacker with high privileges to bypass directory restrictions and access files outside the intended directory. This affects versions up to 3.5.12. The CVSS v3.1 base score is 5.9 (medium severity), reflecting network attack vector, high attack complexity, required privileges, no user interaction, and high impact on confidentiality and integrity but no impact on availability. No patch or official fix has been documented yet.
Potential Impact
Successful exploitation could lead to unauthorized disclosure and modification of sensitive files outside the restricted directory, potentially compromising system confidentiality and integrity. Availability is not impacted. The attack requires high privileges, limiting the scope of potential attackers.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the affected plugin and limit high privilege accounts to trusted users only. Monitor for updates from the vendor or security advisories regarding patches or workarounds.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Patchstack
- Date Reserved
- 2025-03-28T10:59:52.730Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69cd7350e6bfc5ba1def19a2
Added to database: 4/1/2026, 7:34:40 PM
Last enriched: 5/1/2026, 11:47:01 AM
Last updated: 5/21/2026, 1:44:24 PM
Views: 26
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.