A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences (e.g., ../) in ZIP entries to write files outside the intended extraction directory. This allows static files (html, js, css, images) file write to unintended locations, or overwriting existing HTML files, potentially leading to content defacement and, in certain deployments, further impact if sensitive files are overwritten.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 28 Jan 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A directory traversal (Zip Slip) vulnerability exists in the “Static Sites” feature of 66biolinks v44.0.0 by AltumCode. Uploaded ZIP archives are automatically extracted without validating or sanitizing file paths. An attacker can include traversal sequences (e.g., ../) in ZIP entries to write files outside the intended extraction directory. This allows static files (html, js, css, images) file write to unintended locations, or overwriting existing HTML files, potentially leading to content defacement and, in certain deployments, further impact if sensitive files are overwritten. | |
| References |
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-01-28T18:46:45.355Z
Reserved: 2026-01-09T00:00:00.000Z
Link: CVE-2025-69601
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-01-28T19:16:23.910
Modified: 2026-01-28T19:16:23.910
Link: CVE-2025-69601
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses
No weakness.