CVE-2025-50735: n/a
Directory traversal vulnerability in NextChat through 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints.
AI Analysis
Technical Summary
CVE-2025-50735 is a directory traversal vulnerability identified in NextChat software versions up to 2.16.0. The root cause lies in the WebDAV proxy component, which fails to properly canonicalize or reject dot path segments (e.g., '../') in its catch-all routing mechanism. This improper handling allows attackers to traverse directories outside the intended scope, potentially accessing sensitive files or information stored on the server. The vulnerability can be exploited via both authenticated and anonymous WebDAV endpoints, meaning that attackers do not necessarily need valid credentials to leverage this flaw, although some endpoints may require authentication depending on configuration.

The absence of a CVSS score indicates that the vulnerability is newly published and not yet fully assessed, but the technical details suggest a significant risk to confidentiality. No patches or known exploits have been reported at the time of publication, but the flaw's nature implies that exploitation could be straightforward for attackers familiar with WebDAV and directory traversal techniques. The vulnerability affects the confidentiality and potentially the integrity of data by exposing sensitive files or configuration details that could be leveraged for further attacks or information disclosure.

The WebDAV protocol is commonly used for remote file management, and its exposure in NextChat environments increases the attack surface. Organizations using NextChat with WebDAV enabled should be particularly vigilant. Given the lack of patch links, mitigation currently depends on configuration changes or workarounds until an official fix is released.
Potential Impact
For European organizations, the primary impact of CVE-2025-50735 is the unauthorized disclosure of sensitive information due to directory traversal via WebDAV endpoints. This could include access to private communications, configuration files, or other critical data stored within NextChat environments. Such exposure can lead to data breaches, regulatory non-compliance (e.g., GDPR violations), and reputational damage. The vulnerability may also facilitate further attacks if attackers obtain credentials or system details from exposed files. Organizations relying on NextChat for internal or external communications, especially in sectors like finance, healthcare, or government, face elevated risks. The ease of exploitation without user interaction or complex prerequisites increases the threat level. Additionally, if WebDAV endpoints are exposed to the internet or poorly segmented internally, the attack surface broadens significantly. The lack of known exploits currently provides a window for proactive defense, but this may change rapidly once the vulnerability becomes widely known.
Mitigation Recommendations
1. Immediately audit and restrict access to WebDAV endpoints in NextChat environments, limiting exposure to trusted networks and authenticated users only.
2. Implement strict input validation and canonicalization on all WebDAV requests to prevent traversal sequences such as '../'.
3. Disable WebDAV proxy functionality if not required or replace it with more secure file access methods.
4. Monitor logs for unusual WebDAV activity, especially requests containing dot path segments or attempts to access sensitive directories.
5. Apply network segmentation to isolate NextChat servers and reduce exposure to external threats.
6. Stay alert for official patches or updates from NextChat vendors and apply them promptly once available.
7. Conduct regular security assessments and penetration tests focusing on WebDAV and directory traversal vulnerabilities.
8. Educate system administrators on the risks associated with WebDAV and directory traversal to ensure proper configuration and monitoring.
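One way to apply recommendations 2 and 4 together, as an added example that is not taken from this page or from NextChat's code: a segment check for a catch-all proxy route, reused to flag access-log lines. The function names, the `/webdav-proxy/` prefix, the log format and the `example.test` host in the usage are assumptions made for illustration.

```javascript
// Added example, not NextChat code. PROXY_PREFIX and the log format are assumptions.
const PROXY_PREFIX = "/webdav-proxy/"; // hypothetical route prefix
// Decode until stable so a double-encoded "%252e%252e" is seen as "..".
function fullyDecode(segment, maxRounds = 3) {
  let current = segment;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch { return null; } // malformed escape
    if (next === current) return current;
    current = next;
  }
  return null; // still changing after maxRounds: reject
}

// Validate the segments a catch-all route hands to the proxy.
function checkDavSegments(segments) {
  const clean = [];
  for (const raw of segments) {
    const seg = fullyDecode(raw);
    if (seg === null) return { ok: false, reason: "bad-encoding" };
    if (seg === "." || seg === "..") return { ok: false, reason: "dot-segment" };
    if (/[\/\\\0]/.test(seg)) return { ok: false, reason: "embedded-separator" };
    if (seg !== "") clean.push(encodeURIComponent(seg));
  }
  return { ok: true, path: clean.join("/") };
}

// Build the upstream URL, then confirm it is still under the configured base.
function buildUpstreamUrl(base, segments) {
  const check = checkDavSegments(segments);
  if (!check.ok) return null;
  const root = new URL(base.endsWith("/") ? base : base + "/");
  const target = new URL(check.path, root);
  return target.origin === root.origin && target.pathname.startsWith(root.pathname) ? target.href : null;
}

// Detection: return access-log lines whose proxied path fails the same check.
function flagSuspicious(logLines) {
  return logLines.filter((line) => {
    const m = line.match(/"[A-Z]+ (\S+) HTTP/);
    if (!m || !m[1].startsWith(PROXY_PREFIX)) return false;
    const path = m[1].slice(PROXY_PREFIX.length).split("?")[0];
    return !checkDavSegments(path.split("/")).ok;
  });
}
const SAMPLE_LOG = [ // constructed lines, not real traffic
  '203.0.113.7 "PROPFIND /webdav-proxy/backups/store.json HTTP/1.1" 207',
  '203.0.113.9 "GET /webdav-proxy/%2e%2e/%2e%2e/config HTTP/1.1" 200',
];
```

Rejecting the request outright, rather than silently normalizing it, keeps the proxy's view of the path identical to what the upstream WebDAV server will resolve.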
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 690909fb7fff0e30cee434ab
Added to database: 11/3/2025, 8:00:59 PM
Last enriched: 11/3/2025, 8:18:25 PM
Last updated: 11/5/2025, 11:18:11 AM