cvedb.io
CVE-2025-67810
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-01-09T20:15:51.887 · Last modified 2026-06-17T09:58:07.653

Summary

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions.

Affected products

area9lyceum — rhapsode

Does this affect you?

Add your gear to cvedb and we'll alert you only when area9lyceum ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.