
CVE-2025-55295: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in StuffAnThings qbit_manage

Severity: Medium
Tags: Vulnerability, CVE-2025-55295, CWE-22
Published: Tue Aug 19 2025 (08/19/2025, 17:46:58 UTC)
Source: CVE Database V5
Vendor/Project: StuffAnThings
Product: qbit_manage

Description

qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbit_manage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restore_config_from_backup endpoint. The vulnerability allows attackers to bypass directory restrictions and read arbitrary files from the server filesystem by manipulating the backup_id parameter with path traversal sequences (e.g., ../). This vulnerability is fixed in 4.5.4.

AI-Powered Analysis

Last updated: 08/19/2025, 18:17:42 UTC

Technical Analysis

CVE-2025-55295 is a path traversal vulnerability (CWE-22, improper limitation of a pathname to a restricted directory) in qbit_manage, the StuffAnThings tool that automates management tasks for the qBittorrent BitTorrent client. This analysis lists versions 4.5.0 through 4.5.3 as affected; the fix ships in version 4.5.4.

The flaw is in the web API endpoint restore_config_from_backup, which lets an authenticated user restore a saved configuration backup selected by the backup_id parameter. That parameter is used to build a filesystem path without confining the result to the backup directory, so a value containing traversal sequences such as ../ walks out of that directory and the endpoint reads whatever file the path lands on, bounded only by the filesystem permissions of the account qbit_manage runs as. The outcome is arbitrary file read, not write: integrity and availability are unaffected.

Exploitation requires valid credentials or an authenticated session but no further user interaction. The CVSS v3.1 base score is 6.5 (medium), vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N: network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high confidentiality impact, and no integrity or availability impact. Files of interest to an attacker include qbit_manage's own configuration and anything else readable by the service account that holds credentials or other secrets. No exploitation in the wild had been reported at the time of publication.
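The bug class above, shown as a vulnerable path resolver beside a hardened one. This is a constructed illustration added here; it is not qbit_manage's code, and the function names, the flat backup-directory layout and the backup_id character set are assumptions. The vulnerable version shows both ways out of the directory (a '..' segment and an absolute backup_id, which makes os.path.join discard the base directory); the hardened version allow-lists the id and then checks containment after resolving symlinks, so an id that passes the allow-list but is a symlink pointing outside the directory is still refused.

```python
"""
Vulnerable versus hardened resolution of a user-supplied backup_id.
Constructed illustration of the bug class in the advisory; it is not
qbit_manage's code, and the function names, the flat backup-directory
layout and the backup_id format are assumptions.
"""
import os
import re
import tempfile
from pathlib import Path

# Assumption: a backup is a single file stored directly under the backup
# directory, and a legitimate id contains only these characters.
BACKUP_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def vulnerable_backup_path(backup_dir: str, backup_id: str) -> str:
    """CWE-22 pattern: the caller-controlled id is joined onto the backup
    directory with no check that the result stays inside it. normpath is
    applied only to show the file the OS will actually open."""
    # Two ways out: '..' segments walk upward, and an absolute backup_id
    # makes os.path.join discard backup_dir entirely.
    return os.path.normpath(os.path.join(backup_dir, backup_id))


def safe_backup_path(backup_dir: str, backup_id: str) -> Path:
    """Hardened version: allow-list the id, then resolve symlinks and '..'
    and confirm the final path is still inside the backup directory."""
    if not BACKUP_ID_RE.fullmatch(backup_id):
        raise ValueError("invalid backup id")
    root = Path(backup_dir).resolve()
    candidate = (root / backup_id).resolve()   # follows symlinks too
    if not candidate.is_relative_to(root):     # Python 3.9+
        raise ValueError("backup id escapes backup directory")
    return candidate


def demo() -> dict:
    """Exercise both resolvers against a constructed layout and return the
    outcomes: a backup dir with one real backup, a secret file next to it,
    and a symlink inside the backup dir pointing at that secret."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backups"
        root.mkdir()
        (root / "config_2025-08-19").write_text("qbt: {}\n")
        secret = Path(tmp) / "secret.txt"          # constructed secret
        secret.write_text("hunter2\n")

        # Vulnerable: '../secret.txt' reads the file outside backup_dir.
        leaked = Path(vulnerable_backup_path(str(root), "../secret.txt")).read_text()
        results["vuln_leaks_secret"] = leaked == "hunter2\n"

        # Hardened: the legitimate id still works.
        results["safe_legit"] = (
            safe_backup_path(str(root), "config_2025-08-19").read_text() == "qbt: {}\n"
        )

        # Hardened: traversal and absolute ids are refused by the allow-list.
        for bad in ("../secret.txt", "/etc/passwd", "..", "a/../../secret.txt"):
            try:
                safe_backup_path(str(root), bad)
                results[bad] = "allowed"
            except ValueError as exc:
                results[bad] = str(exc)

        # Hardened: an id that passes the allow-list but is a symlink out of
        # the directory is caught by the containment check after resolve().
        try:
            os.symlink(secret, root / "link")
        except OSError:
            results["link"] = "symlink unsupported"
        else:
            try:
                safe_backup_path(str(root), "link")
                results["link"] = "allowed"
            except ValueError as exc:
                results["link"] = str(exc)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The allow-list alone stops every payload in the advisory's description, but the containment check after resolve() is what defends against things the allow-list cannot see, such as a symlink or a later change to the accepted id format; keep both.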

Potential Impact

For European organizations running qbit_manage 4.5.0 to 4.5.3, the risk is to confidentiality. An attacker holding any valid account can read every file the service account can access, including qbit_manage's own configuration and any credentials or secrets stored alongside it, and can use what is recovered to move laterally or reach other systems. Integrity and availability are not affected, so the direct consequence is data exposure rather than disruption. The authentication requirement narrows the attacker population to insiders and anyone who has obtained or phished credentials; instances whose management interface is reachable from the internet, protected by weak or reused passwords, or run under a privileged account are the most exposed. In a targeted attack the vulnerability is a convenient foothold: harvested configuration and credential files can be turned into access elsewhere on the network.

Mitigation Recommendations

1. Upgrade to qbit_manage 4.5.4 or later; this is the only complete fix.
2. Restrict access to the qbit_manage web API to trusted networks and users, using network segmentation and firewall rules so the interface is not reachable from the internet.
3. Enforce strong authentication and monitor for unauthorized access attempts, with particular attention to requests to the restore_config_from_backup endpoint.
4. Where qbit_manage sits behind a reverse proxy or WAF, reject requests to that endpoint whose backup_id contains path separators or traversal sequences, including percent-encoded forms such as %2e%2e%2f; this reduces exposure but does not replace the upgrade.
5. Run the qbit_manage process as a dedicated low-privilege account and audit filesystem permissions so that it can read only its own configuration and backup directory; this bounds what a successful traversal can disclose.
6. Review logs for backup-restore calls with unusual backup_id values and for file reads outside the backup directory.
7. If an immediate upgrade is not feasible, disable or block the restore_config_from_backup endpoint until the patch is applied.
8. Brief administrators and users on the risk of credential compromise and enforce multi-factor authentication where possible.
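A detection for recommendations 3 and 6, as an added example that is not part of the advisory or of qbit_manage: it scans combined-format web-server access logs for requests to the restore endpoint whose backup_id contains a traversal sequence after decoding. It assumes the endpoint is served at a path ending in /api/restore_config_from_backup and that backup_id travels as a query parameter, so it appears in the logged request line; if the parameter is sent in a request body instead, access logs will not show it and the same is_traversal check should be applied in the application's own request logging or at the proxy. The log lines are constructed for the example.

```python
"""
Detection over web-server access logs for traversal attempts against a
backup-restore endpoint. Constructed example, not part of qbit_manage or
of the advisory. Assumptions: the endpoint is served at
/api/restore_config_from_backup and backup_id travels as a query
parameter, so it shows up in the request line of a combined-format log.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/restore_config_from_backup"   # assumed route suffix

# Combined log format: ip ident user [ts] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# '..' as a whole path segment (either separator), or an absolute path.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)|^[\\/]')


def normalise_id(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (catches double encoding such as %252e) and
    fold backslashes to slashes so Windows-style sequences are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def is_traversal(backup_id: str) -> bool:
    """True when the decoded id leaves the backup directory."""
    return TRAVERSAL_RE.search(normalise_id(backup_id)) is not None


def find_traversal_attempts(lines):
    """Return one record per request to the restore endpoint whose backup_id
    contains a traversal sequence after decoding."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a request line we understand
        parts = urlsplit(m["target"])
        if not parts.path.endswith(ENDPOINT):
            continue
        # parse_qs performs one round of percent-decoding; normalise_id does the rest.
        for raw_id in parse_qs(parts.query).get("backup_id", []):
            if is_traversal(raw_id):
                hits.append({
                    "ip": m["ip"],
                    "ts": m["ts"],
                    "status": int(m["status"]),
                    "backup_id": normalise_id(raw_id),
                })
    return hits


# Constructed sample log lines; none of these are real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - admin [19/Aug/2025:17:50:01 +0000] "GET /api/restore_config_from_backup?backup_id=config_2025-08-19 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.0.0.9 - admin [19/Aug/2025:17:50:07 +0000] "GET /api/restore_config_from_backup?backup_id=../../../../etc/passwd HTTP/1.1" 200 1840 "-" "python-requests/2.32"',
    '10.0.0.9 - admin [19/Aug/2025:17:50:09 +0000] "GET /api/restore_config_from_backup?backup_id=%2e%2e%2f%2e%2e%2fconfig%2fsecrets.yml HTTP/1.1" 200 2210 "-" "python-requests/2.32"',
    '10.0.0.9 - admin [19/Aug/2025:17:50:12 +0000] "GET /api/restore_config_from_backup?backup_id=..%255c..%255cwindows%255cwin.ini HTTP/1.1" 404 0 "-" "python-requests/2.32"',
    '10.0.0.5 - admin [19/Aug/2025:17:51:00 +0000] "GET /api/torrents HTTP/1.1" 200 9031 "-" "curl/8.0"',
    '10.0.0.7 - admin [19/Aug/2025:17:52:30 +0000] "GET /api/restore_config_from_backup?backup_id=%252e%252e%252fetc%252fshadow HTTP/1.1" 200 1399 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged request means the read likely succeeded and the named file should be treated as disclosed; a 404 still shows intent and the source address is worth investigating either way. Run against the SAMPLE_LOG above the scan reports four attempts, three from 10.0.0.9 and one double-encoded attempt from 10.0.0.7.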


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-08-12T16:15:30.237Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68a4bc48ad5a09ad00f9e49f

Added to database: 8/19/2025, 6:02:48 PM

Last enriched: 8/19/2025, 6:17:42 PM

Last updated: 8/22/2025, 12:34:56 AM

