CVE-2026-25525: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in OpenMage magento-lts
OpenMage magento-lts versions prior to 20. 17. 0 contain a path traversal vulnerability in the Dataflow module due to an insufficient blacklist filter that can be bypassed by crafted input patterns. An authenticated administrator can exploit this flaw to read arbitrary files on the server. The issue is fixed in version 20. 17. 0.
AI Analysis
Technical Summary
The OpenMage magento-lts project, a community-driven fork of Magento Community Edition, had a path traversal vulnerability (CWE-22) in its Dataflow module before version 20.17.0. The module attempted to prevent directory traversal by replacing '../' in input strings, but this filter was weak and could be bypassed using patterns like '..././' or '....//', which still resolved to '../' after replacement. This allowed an authenticated administrator to read arbitrary files on the server filesystem. The vulnerability is tracked as CVE-2026-25525 and has a CVSS 3.1 base score of 4.9 (medium severity). The issue is resolved in version 20.17.0.
Potential Impact
An authenticated administrator can exploit this vulnerability to read arbitrary files on the server filesystem, potentially exposing sensitive information. There is no indication of impact on integrity or availability. The attack requires high privileges (administrator) and no user interaction.
Mitigation Recommendations
Upgrade OpenMage magento-lts to version 20.17.0 or later, where this path traversal vulnerability is patched. Since this is a community-driven project, verify the upgrade from official OpenMage sources. Patch status is confirmed by the version update; no other mitigation is indicated.
CVE-2026-25525: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in OpenMage magento-lts
Description
OpenMage magento-lts versions prior to 20. 17. 0 contain a path traversal vulnerability in the Dataflow module due to an insufficient blacklist filter that can be bypassed by crafted input patterns. An authenticated administrator can exploit this flaw to read arbitrary files on the server. The issue is fixed in version 20. 17. 0.
CVSS v3.1
Score 4.9medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The OpenMage magento-lts project, a community-driven fork of Magento Community Edition, had a path traversal vulnerability (CWE-22) in its Dataflow module before version 20.17.0. The module attempted to prevent directory traversal by replacing '../' in input strings, but this filter was weak and could be bypassed using patterns like '..././' or '....//', which still resolved to '../' after replacement. This allowed an authenticated administrator to read arbitrary files on the server filesystem. The vulnerability is tracked as CVE-2026-25525 and has a CVSS 3.1 base score of 4.9 (medium severity). The issue is resolved in version 20.17.0.
Potential Impact
An authenticated administrator can exploit this vulnerability to read arbitrary files on the server filesystem, potentially exposing sensitive information. There is no indication of impact on integrity or availability. The attack requires high privileges (administrator) and no user interaction.
Mitigation Recommendations
Upgrade OpenMage magento-lts to version 20.17.0 or later, where this path traversal vulnerability is patched. Since this is a community-driven project, verify the upgrade from official OpenMage sources. Patch status is confirmed by the version update; no other mitigation is indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-02-02T19:59:47.372Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e6585319fe3cd2cd13fc25
Added to database: 4/20/2026, 4:46:11 PM
Last enriched: 4/28/2026, 6:06:50 AM
Last updated: 6/4/2026, 5:13:44 PM
Views: 56
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.