Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

SEPPmail User Web Interface Path Traversal Vulnerability Leading to Arbitrary File Write and Remote Code Execution

Vulnerability

A vulnerability in the SEPPmail User Web Interface's large file transfer feature allows for arbitrary file writes via path traversal, potentially leading to remote code execution. This issue affects SEPPmail versions through 15.0.2.1.

Impact

Exploitation of this vulnerability could result in unauthorized file writes, which may be leveraged to execute arbitrary code on the server.

Reproduction

The vulnerability can be reproduced by uploading a file through the large file transfer feature in the SEPPmail User Web Interface. The upload process can be manipulated to include path traversal sequences, allowing the uploaded file to be written outside of the intended directory. Once the file is uploaded, any executable code contained within can be executed on the server.
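The bug class described above, as an added example that is not SEPPmail's code (the page does not show it): a client-supplied upload name joined to a storage directory without validation, next to a hardened form that rejects traversal and verifies containment after resolving symlinks. The function names and directory layout are hypothetical.

```python
import os

def naive_destination(upload_root, client_name):
    # Vulnerable pattern: the client-supplied name is joined as-is, so
    # "../" components or an absolute path move the write elsewhere.
    return os.path.normpath(os.path.join(upload_root, client_name))

def is_contained(upload_root, path):
    # True only if path, with symlinks resolved, lies under upload_root.
    root = os.path.realpath(upload_root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root

def safe_destination(upload_root, client_name):
    """Return a destination inside upload_root or raise ValueError."""
    # Reject rather than silently rewrite, so the attempt can be logged.
    if "\x00" in client_name or client_name in ("", ".", ".."):
        raise ValueError("rejected upload name")
    # Treat both separator styles as path syntax; a stored name must be
    # a single component.
    if "/" in client_name or "\\" in client_name:
        raise ValueError("upload name contains a path separator")
    candidate = os.path.join(os.path.realpath(upload_root), client_name)
    # Second layer: a symlink already inside the upload directory could
    # still redirect the write, so check the resolved location.
    if not is_contained(upload_root, candidate):
        raise ValueError("destination escapes upload root")
    return os.path.realpath(candidate)

if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()  # constructed sample upload directory
    for name in ["report.pdf", "../outside/x.txt", "/tmp/x", "..\\x"]:
        naive_ok = is_contained(root, naive_destination(root, name))
        try:
            safe_destination(root, name)
            verdict = "accepted"
        except ValueError as exc:
            verdict = "rejected: %s" % exc
        print("%-20r naive stays inside: %-5s hardened: %s"
              % (name, naive_ok, verdict))
```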

Remediation

Users are advised to update to SEPPmail version 15.0.3, which addresses this vulnerability.

Added: Mar 5, 2026, 7:55 AM
Updated: Mar 5, 2026, 7:55 AM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 10.0
exploitability: 7.1
remediation: 7.7
relevance: 3.5
threat: 8.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.