CVE-2025-50735

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints.

ChatGPTNextWeb/NextChat
ChatGPTNextWeb/NextChat
✨ Light and Fast AI Assistant. Support: Web | iOS | MacOS | Android | Linux | Windows
GitHubGitHub
88.2K
fai1424/Vulnerability-Research
fai1424/Vulnerability-Research
GitHubGitHub