CVE-2025-61923

MEDIUM4.1EPSS 0.04%

PrestaShop Checkout Backoffice directory traversal allows arbitrary file disclosure

Published: 10/16/2025Modified: 10/16/2025

Description

# Impact Missing validation on input vulnerable to directory traversal. # Patches The problem has been patched in versions: v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1) v4.4.1 for PrestaShop 8 (build number: 8.4.4.1) v5.0.5 for PrestaShop 1.7 (build number: 7.5.0.5) v5.0.5 for PrestaShop 8 (build number: 8.5.0.5) v5.0.5 for PrestaShop 9 (build number: 9.5.0.5) Read the [Versioning policy](https://github.com/PrestaShopCorp/ps_checkout/wiki/Versioning) to learn more about the build number. # Credits [Léo CUNÉAZ](https://github.com/inem0o) for reportied this issue.

Affected packages (1)

Packagist/prestashop/ps_checkoutfrom 0, < 4.4.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.1	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-61923
PATCHhttps://github.com/PrestaShopCorp/ps_checkout
WEBhttps://github.com/PrestaShopCorp/ps_checkout/security/advisories/GHSA-fpxp-pfqm-x54w