CVE-2025-65952 is a path traversal vulnerability classified under CWE-22 affecting the iiDk-the-actual Console software, which is used to control users of Gorilla Tag mods and other network users. The vulnerability exists in versions prior to 2.8.0 and allows an unauthenticated attacker to craft complex pathnames using combinations of backslashes and periods to bypass directory restrictions. This enables the attacker to write files outside the intended Gorilla Tag directory, potentially overwriting critical system files or placing malicious payloads in sensitive locations. The vulnerability is remotely exploitable without any authentication or user interaction, increasing its risk profile. The CVSS 4.0 base score is 8.7, reflecting high severity due to network attack vector, low attack complexity, and no privileges or user interaction required. The impact on confidentiality is none, but integrity is high due to unauthorized file writes, and availability is not affected. The vulnerability was publicly disclosed on November 25, 2025, and has been patched in version 2.8.0 of the Console software. No known exploits have been reported in the wild, but the potential for exploitation remains significant given the ease of attack and the critical nature of file write capabilities. Organizations using affected versions should apply the patch immediately to prevent exploitation.

For European organizations, this vulnerability poses a significant risk especially to those involved in gaming communities, mod development, or any networked environments using the iiDk-the-actual Console software. Unauthorized file writes can lead to system compromise, data integrity loss, or persistent malware installation. The ability to write arbitrary files without authentication can be leveraged to escalate attacks, potentially impacting critical infrastructure if the software is used in broader network management contexts. The vulnerability could also be exploited to disrupt services or manipulate user data, undermining trust and operational stability. Given the network-exploitable nature and lack of required privileges, the threat can spread rapidly within vulnerable environments. Organizations failing to update may face increased risk of targeted attacks or opportunistic exploitation, especially as threat actors develop exploits post-disclosure.

European organizations should immediately upgrade all instances of the iiDk-the-actual Console software to version 2.8.0 or later, where the vulnerability is patched. Network segmentation should be employed to isolate systems running this software from untrusted networks to reduce exposure. Implement strict input validation and sanitization on any interfaces accepting file paths to prevent malformed pathname exploitation. Monitor logs for unusual file write activities or access attempts outside expected directories. Employ application whitelisting and endpoint detection to identify and block unauthorized file modifications. Conduct regular vulnerability scans and penetration tests focusing on path traversal and directory escape vectors. Educate administrators and users about the risks of running outdated software versions and the importance of timely patching. If immediate patching is not feasible, consider disabling or restricting access to the Console software until updates can be applied.