CVE-2025-23410: GMOD Apollo Relative Path Traversal

9.3 CVSS

Description

When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types.
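
The missing check, sketched as an added example: this is not Apollo's code or its actual fix. It lists archive entries (zip or tar) that would resolve outside the extraction directory, so an upload handler can reject the archive before unpacking. All function names and sample entry names are hypothetical and constructed for illustration.

```python
import io
import os
import tarfile
import tempfile
import zipfile


def escapes_root(root: str, member: str) -> bool:
    """True if `member`, joined onto `root`, resolves outside `root`."""
    member = member.replace("\\", "/")  # backslashes act as separators on Windows
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, member))
    return os.path.commonpath([root, target]) != root


def rejected_members(data: bytes, root: str) -> list[str]:
    """List archive entries that must not be extracted under `root`."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            return [n for n in zf.namelist() if escapes_root(root, n)]
    buf.seek(0)
    bad = []
    with tarfile.open(fileobj=buf) as tf:  # gzip/bzip2/xz detected automatically
        for m in tf.getmembers():
            # Links can redirect a later write, so refuse them outright.
            if m.issym() or m.islnk() or escapes_root(root, m.name):
                bad.append(m.name)
    return bad


def constructed_zip(names: list[str]) -> bytes:
    """Build an in-memory zip with the given entry names (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b">seq1\nACGT\n")
    return buf.getvalue()


if __name__ == "__main__":
    root = tempfile.mkdtemp()
    upload = constructed_zip(["organism/seq.fa", "../../outside.txt"])
    bad = rejected_members(upload, root)
    print("reject upload:" if bad else "ok to extract", bad)
```

The comparison is made on resolved paths rather than by searching entry names for "..", so absolute paths are caught as well as relative ones, and names such as "a/../b.txt" that stay inside the directory are not rejected.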

Classification

CVE ID: CVE-2025-23410

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.3

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem Types

CWE-23 Relative Path Traversal

Affected Products

Vendor: GMOD

Product: Apollo

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 18.34% (share of scored vulnerabilities with an equal or lower score)

EPSS Date: 2025-04-02 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23410
https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07

Timeline