CVE-2025-67083

← CVEs

MED 5.3

Published

2026-01-15

Last Modified

2026-01-22

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to read files from the server. The ability to read files and the file type depends on the web server and its configuration.

Affected Applications in Environment 1

Plane v1.0

1 device

Affected Devices 1

DPAVTE-DH77B74 Windows

References 2

https://github.com/InvoicePlane/InvoicePlane
https://www.helx.io/blog/advisory-invoice-plane/