Rapid7 Velociraptor Directory Traversal Vulnerability on Linux

Vulnerability

A directory traversal vulnerability exists in Rapid7 Velociraptor versions prior to 0.75.6 when the server runs on Linux. It allows a rogue client to upload files to locations outside the server's designated datastore directory. The root cause is incomplete sanitization of directory names that end in '.': such names are only partially encoded, so the resulting path is not confined to the datastore. Because any directory written this way must still end in '%2E', the attacker cannot target arbitrary existing paths, which limits the impact to placing files in unexpected locations rather than overwriting critical files.
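
To make the mechanism concrete, the following is an added illustration, not Velociraptor's own code: a hypothetical component encoder that fully percent-encodes dot-only path components (so '.' and '..' become literal names such as '%2E%2E', matching the '%2E' suffix the advisory mentions), together with a realpath()-based confinement check that rejects any client-supplied path resolving outside the datastore root. The datastore root and client paths used in the example are constructed and do not need to exist on disk.

```python
"""Added example (not Velociraptor's code): confining client-supplied
datastore paths on a Linux server.

The encoder is a hypothetical scheme: every component made only of dots
is encoded dot-for-dot, so it can never act as '.' or '..'. Independently
of the encoder, the final path is re-checked with realpath() against the
datastore root, which is the check that actually stops traversal.
"""
import os
import posixpath

DOT_ENCODED = "%2E"  # percent-encoding of '.', as in the advisory's '%2E'


class TraversalError(ValueError):
    """Raised when a client-supplied path would leave the datastore."""


def encode_component(component: str) -> str:
    """Hypothetical component encoder.

    Separators and NUL are rejected outright. A component consisting only
    of dots ('.', '..', '...') is encoded dot-for-dot, so it becomes a
    literal directory name such as '%2E%2E' instead of a parent reference.
    Names that merely end in a dot ('upload.') are left alone: on Linux
    they are ordinary file names and carry no path semantics.
    """
    if component == "" or "/" in component or "\x00" in component:
        raise TraversalError(f"invalid path component: {component!r}")
    if set(component) == {"."}:
        return DOT_ENCODED * len(component)
    return component


def escapes_root(root: str, relative: str) -> bool:
    """Return True if root/relative resolves outside root.

    realpath() follows symlinks and collapses '..', so the check sees the
    path the kernel would actually open, not the string the client sent.
    """
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, relative))
    return os.path.commonpath([root_real, candidate]) != root_real


def relative_datastore_path(root: str, components: list) -> str:
    """Encode each component, join them, and refuse the result if it
    would resolve outside the datastore root. Returns the confined path
    relative to root."""
    relative = posixpath.join(*(encode_component(c) for c in components))
    if escapes_root(root, relative):
        raise TraversalError(f"path escapes datastore: {relative}")
    return relative


def datastore_path(root: str, components: list) -> str:
    """Absolute form of relative_datastore_path()."""
    return os.path.join(os.path.realpath(root),
                        relative_datastore_path(root, components))


if __name__ == "__main__":
    # Constructed datastore root; it does not need to exist for the checks.
    ROOT = "/srv/velociraptor/datastore"
    # A raw, unencoded client string: an unchecked join would honour the hops.
    print(escapes_root(ROOT, "clients/../../etc/cron.d"))            # True
    # The same '..' after encoding is just a literal directory name.
    print(relative_datastore_path(ROOT, ["clients", "..", "etc"]))   # clients/%2E%2E/etc
    # A trailing dot on an ordinary name is harmless on Linux.
    print(relative_datastore_path(ROOT, ["clients", "client-a", "upload."]))  # clients/client-a/upload.
```

The point of keeping `escapes_root()` separate from the encoder is that encoding alone is fragile (the advisory's bug is precisely a partial encoding); the realpath()-and-commonpath() check is the backstop that holds even if the encoder has a gap.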

Impact

Exploitation of this vulnerability allows a rogue client to upload files into directories outside the datastore on the Linux server, placing attacker-controlled content where the server did not intend it; because the written directory must end in '%2E', existing files are not overwritten.

Remediation

Users should upgrade to the fixed release for their current branch: Velociraptor 0.75.6 or 0.74.6. Instructions for upgrading the server are available in the Velociraptor documentation.

Added: Dec 29, 2025, 7:24 PM
Updated: Dec 29, 2025, 7:24 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 0.6
exploitability: 7.8
remediation: 7.7
relevance: 1.6
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.