{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T23:33:59.936","vulnerabilities":[{"cve":{"id":"CVE-2025-55295","sourceIdentifier":"security-advisories@github.com","published":"2025-08-19T18:15:29.347","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"qBit Manage is a tool that helps manage tedious tasks in qBittorrent and automate them. A path traversal vulnerability exists in qbit_manage's web API that allows authenticated users to read arbitrary files from the server filesystem through the restore_config_from_backup endpoint. The vulnerability allows attackers to bypass directory restrictions and read arbitrary files from the server filesystem by manipulating the backup_id parameter with path traversal sequences (e.g., ../). This vulnerability is fixed in 4.5.4."},{"lang":"es","value":"qBit Manage es una herramienta que ayuda a gestionar tareas tediosas en qBittorrent y automatizarlas. Existe una vulnerabilidad de path traversal en la API web de qbit_manage que permite a los usuarios autenticados leer archivos arbitrarios del sistema de archivos del servidor a través del endpoint restore_config_from_backup. Esta vulnerabilidad permite a los atacantes eludir las restricciones de directorio y leer archivos arbitrarios del sistema de archivos del servidor manipulando el parámetro backup_id con secuencias de path traversal (p. ej., ../). Esta vulnerabilidad se corrigió en la versión 4.5.4."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"references":[{"url":"https://github.com/StuffAnThings/qbit_manage/releases/tag/v4.5.4","source":"security-advisories@github.com"},{"url":"https://github.com/StuffAnThings/qbit_manage/security/advisories/GHSA-vh56-26wq-vvfv","source":"security-advisories@github.com"}]}}]}