SB2026042407 - Relative Path Traversal in Text Generation Web UI
Published: April 24, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Relative Path Traversal (CVE-ID: CVE-2025-62364)
CWE-ID: CWE-23 - Relative Path Traversal
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper neutralization of file paths in the character picture upload feature when processing an uploaded symbolic link file. A remote attacker can upload a crafted .txt file containing a symbolic link and access the uploaded file URL to disclose sensitive information.
The issue can expose server files such as system configuration files and credentials.
Remediation
Install update from vendor's website.