Headline

GHSA-459f-x8vq-xjjm: Static Web Server vulnerable to a symbolic link path traversal

Summary

Symbolic links (symlinks) could be used to access files or directories outside the intended web root folder.

Details

SWS generally does not prevent symlinks from escaping the web server’s root directory. Therefore, if a malicious actor gains access to the web server’s root directory, they could create symlinks to access other files outside the designated web root folder either by URL or via the directory listing.

PoC

Serve a directory (web root) with SWS.
Create a symlink inside the web root that points to a file outside the web root. e.g. ln -s escape.txt $HOME/.bashrc
Open http://localhost/escape.txt in your browser.
The file content will be served.

Impact

Any web server that runs with elevated privileges (e.g., root/administrator) and handles user-supplied file uploads is primarily impacted.

5 hours ago

ghsa

Open in Source

#web #git

GitHub Advisory Database
GitHub Reviewed
CVE-2025-67487

Static Web Server vulnerable to a symbolic link path traversal

Package

cargo static-web-server (Rust)

Affected versions

<= 2.40.0

Summary

Symbolic links (symlinks) could be used to access files or directories outside the intended web root folder.

Details

PoC

Serve a directory (web root) with SWS.
Create a symlink inside the web root that points to a file outside the web root.
e.g. ln -s escape.txt $HOME/.bashrc
Open http://localhost/escape.txt in your browser.
The file content will be served.

Impact

Any web server that runs with elevated privileges (e.g., root/administrator) and handles user-supplied file uploads is primarily impacted.

References