CVE-2025-67810

Published: Jan 9, 2026Modified: Feb 10, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions.

Affected (1)

Products: Area9lyceum: Rhapsode

Area9lyceum

1 product

Rhapsode

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Area9lyceum Rhapsode	Version 1.47.3

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

https://area9.com

Source: cve@mitre.org

Product

https://security.area9lyceum.com/cve-2025-67810/

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.