SoftSea EPUB File Reader Directory Traversal Vulnerability Leading to Remote Code Execution

Vulnerability

A directory traversal vulnerability has been identified in SoftSea EPUB File Reader version 1.0.0.0. This vulnerability arises from inadequate validation of file paths when extracting EPUB archives, allowing for the manipulation of directory paths. The issue requires user interaction, as the targeted user must open a crafted EPUB file. Exploiting this vulnerability could enable an attacker to execute code with the privileges of the current user.

Impact

Exploitation of this vulnerability could result in remote code execution: an attacker could run arbitrary code on the affected system with the current user's privileges.

Remediation

Users are advised to update to the patched version released by the vendor on September 30, 2025.

Added: Dec 1, 2025, 7:18 PM
Updated: Dec 1, 2025, 8:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.4
remediation: 0.0
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.