Title: Eptura Archibus Directory Traversal

Description: In Eptura Archibus versions before v2025.01, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. An attacker can alter the request to the server while using the "Run Script" and "Server File" features of the Database update wizard which load a script from the server to run on in the application. By intercepting the request and changing the variable in the post request for "c0-param0" and "c0-param1" an attacker can read files on the server bypassing the folder restrictions.

Affected Component: /archibus/dwr/call/plaincall/SchemaUpdateWizardService.getServerFileContents.dwr

Source Name: Brandon Roach (V4quero) @ Pathfynder

CVEs: CVE-2025-25652 (https://www.cve.org/CVERecord?id=CVE-2025-25652)

Software URL:
https://eptura.com/our-platform/archibus/
https://archibus.com/