PatchSiren cyber security CVE debrief

CVE-2018-25421 Openstamanager CVE debrief

CVE-2018-25421 documents a path traversal vulnerability in Open STA Manager 2.3 that permits authenticated attackers to download arbitrary files from the underlying server. The flaw resides in modules/backup/actions.php, where the op=getfile action accepts a file parameter without adequate sanitization of directory traversal sequences (../). An attacker with valid credentials can manipulate this parameter to escape the intended directory and retrieve sensitive system files. The vulnerability was assigned a HIGH severity CVSS score of 7.1. The CVE record was published and last modified on 2026-05-30. The vendor attribution is marked as low confidence and flagged for review, derived from a reference domain candidate for Openstamanager. No known exploitation in ransomware campaigns has been documented, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor: Openstamanager
Product: Open STA Manager
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-30
Original CVE updated: 2026-05-30
Advisory published: 2026-05-30
Advisory updated: 2026-05-30

Who should care

Organizations running Open STA Manager 2.3 for business operations, IT administrators responsible for web application security, and security teams monitoring for path traversal vulnerabilities in PHP-based management applications.

Technical summary

Open STA Manager 2.3 fails to sanitize directory traversal sequences in the file parameter of modules/backup/actions.php when processing op=getfile requests. Authenticated attackers can supply ../ sequences to traverse the filesystem and download arbitrary files, exposing sensitive system data. The vulnerability requires network access and valid credentials, with high impact to confidentiality but no direct impact to integrity or availability.

Defensive priority

HIGH

Recommended defensive actions

  • Restrict network access to Open STA Manager administrative interfaces to trusted hosts only
  • Apply input validation and sanitization to the file parameter in modules/backup/actions.php, rejecting path traversal sequences such as ../
  • Implement allowlist-based file access controls restricting downloads to intended backup directories
  • Review and update to a patched version of Open STA Manager if available from the vendor
  • Monitor access logs for anomalous GET requests to modules/backup/actions.php with op=getfile and unexpected file parameters
  • Consider implementing additional authentication factors for administrative access to reduce risk of credential compromise
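
As an added example (not OpenSTAManager's code) covering the validation and monitoring items above: a containment check that does what the file parameter handling should do, and a log scanner that flags op=getfile requests to modules/backup/actions.php whose file value decodes to a traversal, including URL-encoded and double-encoded variants, run over constructed access-log lines. The Apache combined log format, the IP addresses and the file names are assumptions.

```python
import re
from pathlib import Path
from urllib.parse import parse_qs, unquote, urlsplit

def resolve_backup_file(requested: str, base):
    """Canonical path of `requested` if it names a file directly inside `base`,
    else None: rejects separators, '..', absolute paths and symlink escapes."""
    if not requested or requested != Path(requested).name:
        return None
    base = Path(base).resolve()
    candidate = (base / requested).resolve()   # follows symlinks, collapses ..
    return candidate if candidate.parent == base else None

TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def is_traversal_request(request_line: str) -> bool:
    """True for op=getfile requests to the backup action whose `file` value
    decodes to a traversal; repeated URL encoding (%252e...) is peeled off."""
    target = request_line.split(" ")[1] if " " in request_line else ""
    url = urlsplit(target)
    params = parse_qs(url.query)               # first decoding pass happens here
    if not url.path.endswith("modules/backup/actions.php") or params.get("op") != ["getfile"]:
        return False
    for value in params.get("file", []):
        while (nxt := unquote(value)) != value:  # peel double/triple encoding
            value = nxt
        if value.startswith(("/", "\\")) or TRAVERSAL.search(value):
            return True
    return False

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')

def find_traversal_requests(log_lines):
    """Return (ip, timestamp, request) for each suspicious line of an
    Apache combined-format access log (the log format is an assumption)."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and is_traversal_request(m.group("req")):
            hits.append((m.group("ip"), m.group("ts"), m.group("req")))
    return hits

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - admin [30/May/2026:10:01:02 +0000] "GET /modules/backup/actions.php?op=getfile&file=backup-2026-05-29.zip HTTP/1.1" 200 51200',
    '10.0.0.9 - admin [30/May/2026:10:03:11 +0000] "GET /modules/backup/actions.php?op=getfile&file=../../../../etc/passwd HTTP/1.1" 200 1843',
    '10.0.0.9 - admin [30/May/2026:10:03:40 +0000] "GET /modules/backup/actions.php?op=getfile&file=%252e%252e%252fconfig.inc.php HTTP/1.1" 200 2210',
    '10.0.0.7 - - [30/May/2026:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 900',
]
```

Running find_traversal_requests(SAMPLE_LOG) returns the two 10.0.0.9 requests and nothing for the legitimate backup download or the unrelated page.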

Evidence notes

The source corpus indicates the affected endpoint is modules/backup/actions.php with op=getfile, using ../ sequences for traversal. The CVSS vector provided is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N. The weakness is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). Vendor identification is tentative based on reference domain analysis and requires review.

Official resources

The vulnerability was disclosed through VulnCheck and is documented in the NVD with references to the vendor website, SourceForge download page, Exploit-DB entry 45693, and a VulnCheck advisory.