Eptura Archibus, like many web applications, has faced Directory Traversal Eptura Archibus, like many web applications, has faced Directory Traversal vulnerabilities. This flaw allows an attacker to access files and directories stored outside the intended application root.

It typically occurs when the application constructs file paths based on user-supplied input without adequate validation or sanitization. By injecting sequences like `../` (dot-dot-slash) into a parameter that handles file paths, an attacker can navigate up the directory tree.

Successful exploitation can lead to unauthorized disclosure of sensitive system files, configuration data, or other application resources. This information might then be leveraged for further attacks, such as gaining remote code execution or escalating privileges.

Mitigation involves robust input validation to prevent path manipulation and ensuring that file access functions strictly enforce intended directory boundaries. Users are advised to keep their Eptura Archibus installations updated to the latest patched versions.

Title: Eptura Archibus Directory Traversal

Description: In Eptura Archibus versions before v2025.01, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. An attacker can alter the request to the server while using the "Run Script" and "Server File" features of the Database update wizard which load a script from the server to run on in the application. By intercepting the request and changing the variable in the post request for "c0-param0" and "c0-param1" an attacker can read files on the server bypassing the folder restrictions.

Affected Component: /archibus/dwr/call/plaincall/SchemaUpdateWizardService.getServerFileContents.dwr

Source Name: Brandon Roach (V4quero) @ Pathfynder

CVEs: CVE-2025-25652 (https://www.cve.org/CVERecord?id=CVE-2025-25652)

Software URL:
https://eptura.com/our-platform/archibus/
https://archibus.com/