{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T17:39:55.264","vulnerabilities":[{"cve":{"id":"CVE-2025-27445","sourceIdentifier":"security@joomla.org","published":"2025-06-05T14:15:31.413","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A path traversal vulnerability in RSFirewall component 2.9.7 - 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files"},{"lang":"es","value":"Se descubrió una vulnerabilidad de path traversal en el componente RSFirewall 2.9.7 - 3.1.5 para Joomla. Esta vulnerabilidad permite a usuarios autenticados leer archivos arbitrarios fuera del directorio root de Joomla. La falla se debe a una depuración insuficiente de la información proporcionada por el usuario en los parámetros de ruta de archivo, lo que permite a los atacantes explotar secuencias de directory traversal (p. ej., ../) para acceder a archivos confidenciales."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security@joomla.org","type":"Secondary","description":[{"lang":"en","value":"CWE-35"}]}],"references":[{"url":"https://rsjoomla.com/","source":"security@joomla.org"}]}}]}