CVE-2025-14728
Last modified
CVE-2025-14728 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. EPSS estimates a 0.47% chance of exploitation in the next 30 days.
Description
Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occurs due to insufficient sanitization of directory names which end with a ".", only encoding the final "." AS "%2E". Although files can be written to incorrect locations, the containing directory must end with "%2E". This limits the impact of this vulnerability, and prevents it from overwriting critical files.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Rapid7 | Velociraptor | < 0.75.6 |
References
- https://docs.velociraptor.app/announcements/advisories/cve-2025-14728/Exploit, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-14728?
How severe is CVE-2025-14728?
How do I fix CVE-2025-14728?
Are you affected by CVE-2025-14728?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST