CVE-2025-63365
Summary
| CVE | CVE-2025-63365 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-12-01 19:15:51 UTC |
| Updated | 2026-06-17 09:53:03 UTC |
| Description | SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents. |
Risk And Classification
Primary CVSS: v3.1 7.1 HIGH from ADP
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS: 0.002540000 probability, percentile 0.166810000 (date 2026-07-07)
Problem Types: CWE-22 | n/a | CWE-22 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
NoneCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Epubfilereader | Epub File Reader | 1.0.0.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| jeroscope.com/advisories/2025/jero-2025-001 | [email protected] | jeroscope.com | Third Party Advisory |
| epub.com | [email protected] | epub.com | Broken Link |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.