Primary

Context

Progress Telerik Reporting Absolute Path Vulnerability Allowing Information Disclosure

Vulnerability

Patched

A vulnerability allowing information disclosure through absolute path traversal has been identified in Progress Telerik Reporting versions prior to 2025 Q1 (19.0.25.211). This issue affects the Windows desktop standalone Report Designer and can be exploited by a local threat actor.

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure.

Remediation

Users are advised to upgrade to Progress Telerik Reporting 2025 Q1 (19.0.25.211). For those with a Telerik Reporting license, the update is available through the Telerik Product Downloads page. Instructions for updating can be found in the Telerik Reporting Upgrade Overview.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

0.8

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

0.8

exploitability

3.3

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Progress Telerik Reporting Absolute Path Vulnerability Allowing Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

Progress Telerik Reporting

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating