{"id":47779,"date":"2025-06-02T05:50:41","date_gmt":"2025-06-02T05:50:41","guid":{"rendered":""},"modified":"2025-06-17T11:20:03","modified_gmt":"2025-06-17T17:20:03","slug":"cve-2025-27010-path-traversal-vulnerability-in-bslthemes-tastyc-leading-to-php-local-file-inclusion","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-27010-path-traversal-vulnerability-in-bslthemes-tastyc-leading-to-php-local-file-inclusion\/","title":{"rendered":"CVE-2025-27010: Path Traversal Vulnerability in bslthemes Tastyc Leading to PHP Local File Inclusion<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-27010 refers to a high-risk vulnerability found in the bslthemes Tastyc software, specifically a path traversal issue leading to PHP Local File Inclusion. This vulnerability can allow an attacker to read any file on the system that the web service has access to, potentially leading to unauthorized access and data leakage.
\nThe affected software<\/a>, Tastyc, is a popular choice for content management and design, providing an attractive target for potential attackers. Any organization or individual using Tastyc versions before 2.5.2 is at risk and should take immediate action to mitigate this vulnerability<\/a>.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-27010
\nSeverity: High (8.1 CVSS score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Potential system<\/a> compromise or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n