CVE-2025-64184 is a path traversal vulnerability classified under CWE-22, affecting Dosage versions 3.1 and below. Dosage downloads comic strips and archives them by constructing filenames based on various attributes of the remote comic, including the page URL, image URL, and page content. While the software correctly sanitizes the basename of the file to remove directory traversal characters (e.g., '..'), it relies on the HTTP Content-Type header to determine the file extension without validation. This flaw allows an attacker who can control or intercept the HTTP response (either remotely or via man-in-the-middle attacks on unencrypted HTTP connections) to specify a crafted Content-Type header that includes directory traversal sequences or otherwise manipulates the file extension. Consequently, the attacker can cause Dosage to write files outside the intended directory, potentially overwriting critical files or placing malicious files on the victim's system. The vulnerability has a CVSS 3.1 score of 8.8 (high), reflecting its network attack vector, low attack complexity, no required privileges, but requiring user interaction. The impact includes full compromise of confidentiality, integrity, and availability of affected systems. The issue is resolved in Dosage version 3.2, which properly validates and restricts file extensions derived from HTTP headers. No public exploits have been reported yet, but the vulnerability's nature makes it a significant risk, especially where unencrypted HTTP is used or where attackers can intercept traffic.

For European organizations, this vulnerability poses a significant risk, particularly for those using Dosage in environments where comic content is downloaded regularly. The ability to write arbitrary files outside the intended directory can lead to unauthorized code execution, data corruption, or system compromise. Confidential information could be exposed or altered, and critical system files could be overwritten, leading to denial of service or persistent malware installation. Organizations relying on Dosage for digital content management, media archiving, or research may face operational disruptions. The risk is heightened in environments where network traffic is not encrypted, allowing man-in-the-middle attackers to exploit the flaw remotely. Additionally, the vulnerability could be leveraged as a foothold in broader attacks targeting media companies, educational institutions, or cultural organizations that use such tools. The lack of authentication and low complexity of exploitation further increase the threat level.

European organizations should immediately upgrade Dosage to version 3.2 or later, where this vulnerability is fixed. If upgrading is not immediately feasible, users should avoid downloading comics over unencrypted HTTP connections to prevent man-in-the-middle exploitation. Network defenses should be enhanced to detect and block suspicious HTTP traffic that attempts to manipulate Content-Type headers. Implement strict egress and ingress filtering to limit exposure to untrusted networks. Additionally, running Dosage with least privilege file system permissions can reduce the impact of arbitrary file writes. Monitoring file system changes in directories used by Dosage can help detect exploitation attempts. Organizations should also educate users about the risks of downloading content from untrusted sources and encourage the use of secure protocols (HTTPS). Regular vulnerability scanning and patch management processes should be enforced to prevent similar issues.