cvedb.io
CVE-2025-41035
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2025-09-04T11:15:33.747 · Last modified 2026-06-17T09:22:27.940

Summary

A vulnerability has been discovered in appRain CMF 4.0.5. An authenticated path traversal vulnerability in /apprain/common/download/ allows remote users to bypass the intended SecurityManager restrictions and, via the base64 path that follows /download/, download any file outside the document root configured on the server, provided they have adequate permissions.

Affected products

apprain — apprain

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.