{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T00:20:21.780","vulnerabilities":[{"cve":{"id":"CVE-2025-67076","sourceIdentifier":"cve@mitre.org","published":"2026-01-15T16:16:11.650","lastModified":"2026-01-21T14:45:48.207","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated attackers to read files on the system via the misc controller and the ExternalGetFile action. Only files with an extension can be read."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en Omnispace Agora Project anterior a 25.10 que permite a atacantes no autenticados leer archivos en el sistema a través del controlador misc y la acción ExternalGetFile. Solo se pueden leer archivos con una extensión."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:agora-project:agora-project:*:*:*:*:*:*:*:*","versionEndExcluding":"25.10","matchCriteriaId":"03FDD8D6-01A9-4C64-9893-65C744702416"}]}]}],"references":[{"url":"https://www.agora-project.net","source":"cve@mitre.org","tags":["Product"]},{"url":"https://www.helx.io/blog/advisory-agora-project/","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}}]}