{"id":75993,"date":"2025-09-19T09:01:01","date_gmt":"2025-09-19T09:01:01","guid":{"rendered":""},"modified":"2025-10-21T18:14:05","modified_gmt":"2025-10-22T00:14:05","slug":"cve-2025-58761-critical-path-traversal-vulnerability-in-tautulli-v2-15-3-and-prior","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-58761-critical-path-traversal-vulnerability-in-tautulli-v2-15-3-and-prior\/","title":{"rendered":"<strong>CVE-2025-58761: Critical Path Traversal Vulnerability in Tautulli v2.15.3 and Prior<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>CVE-2025-58761 is a path traversal vulnerability in Tautulli, a Python-based monitoring and tracking tool for Plex Media Server. Every Tautulli installation running v2.15.3 or earlier whose web interface is reachable over the network is affected. The flaw lets an unauthenticated attacker read arbitrary files from the filesystem of the host running Tautulli, limited only by the permissions of the Tautulli process. 
The files of most interest are Tautulli&#8217;s own: its configuration file holds the hashed admin password and its database holds active session tokens, so a file-read primitive becomes a takeover of the admin account.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-58761<br \/>\nSeverity: High &#8211; CVSS Score 8.6<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: Unauthenticated arbitrary file read; disclosure of the hashed admin password and active JWT session tokens, leading to takeover of the Tautulli admin account<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table>\n<thead>\n<tr><th>Product<\/th><th>Affected Versions<\/th><th>Fixed In<\/th><\/tr>\n<\/thead>\n<tbody>\n<tr><td>Tautulli<\/td><td>v2.15.3 and prior<\/td><td>v2.16.0<\/td><\/tr>\n<\/tbody>\n<\/table>\n<p>A separate advisory, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-58762-critical-remote-code-execution-vulnerability-in-tautulli-v2-15-3-and-earlier\/\">CVE-2025-58762<\/a>, covers a remote code execution vulnerability in the same versions of Tautulli.<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The <code>real_pms_image_proxy<\/code> endpoint in Tautulli v2.15.3 and prior is vulnerable to path traversal. The endpoint fetches an image on behalf of the web interface; the image is named by the <code>img<\/code> URL parameter, which may be either a URL or a file path. For file paths, the only validation is that <code>img<\/code> starts with an expected prefix. Because that check is a plain string-prefix comparison and the value is then joined to a base directory without being normalised, an attacker can supply the valid prefix followed by <code>..\/<\/code> segments and reach files outside the intended directory. 
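<\/p>
<p>The prefix-only check on <code>img<\/code> that this advisory describes, beside a containment check that defeats the traversal, as an added Python example. This is not Tautulli&#8217;s own code: the <code>data_dir<\/code> layout, the placement of <code>config.ini<\/code> one level above it and the file contents are constructed for the demonstration, and <code>vulnerable_resolve<\/code>, <code>hardened_resolve<\/code> and <code>read_via<\/code> are illustrative names rather than Tautulli functions.<\/p>
```python
import os
import shutil
import tempfile

# Prefix that the advisory says the vulnerable endpoint accepts for local files.
IMAGE_PREFIX = 'interfaces/default/images'


def vulnerable_resolve(data_dir, img):
    # Mirrors the flaw as the advisory describes it: only the string prefix of
    # img is checked, so '..' segments after the prefix survive into the path.
    if not img.startswith(IMAGE_PREFIX):
        return None
    return os.path.join(data_dir, img)


def hardened_resolve(data_dir, img):
    # Containment check: resolve the final target (collapsing '..' and
    # following symlinks) and require it to sit under the images directory.
    allowed_root = os.path.realpath(os.path.join(data_dir, IMAGE_PREFIX))
    candidate = os.path.realpath(os.path.join(data_dir, img))
    # commonpath rather than startswith: a sibling directory such as
    # 'images_evil' shares the string prefix of 'images' but not the path prefix.
    if os.path.commonpath([allowed_root, candidate]) != allowed_root:
        return None
    return candidate


def read_via(resolver, data_dir, img):
    # Simulates serving the file: returns its contents, or None if refused/missing.
    path = resolver(data_dir, img)
    if path is None or not os.path.isfile(path):
        return None
    with open(path) as fh:
        return fh.read()


def build_lab():
    # Constructed layout (an assumption, not the real Tautulli tree): a data_dir
    # holding the images folder, and a config.ini one level above data_dir.
    root = tempfile.mkdtemp()
    images = os.path.join(root, 'data', IMAGE_PREFIX)
    os.makedirs(images)
    with open(os.path.join(images, 'logo.png'), 'w') as fh:
        fh.write('PNG-PLACEHOLDER')
    with open(os.path.join(root, 'config.ini'), 'w') as fh:
        fh.write('[General] http_password = placeholder-hash')
    return root


def demo():
    root = build_lab()
    data_dir = os.path.join(root, 'data')
    # Same shape as the request in the advisory: valid prefix, then '..' hops.
    # Four hops climb from data/interfaces/default/images to the parent of data_dir.
    payload = IMAGE_PREFIX + '/../../../../config.ini'
    legit = IMAGE_PREFIX + '/logo.png'
    try:
        return {
            'vulnerable_leaks_config': read_via(vulnerable_resolve, data_dir, payload),
            'hardened_blocks_payload': read_via(hardened_resolve, data_dir, payload),
            'hardened_blocks_absolute': read_via(hardened_resolve, data_dir, '/etc/passwd'),
            'hardened_serves_logo': read_via(hardened_resolve, data_dir, legit),
        }
    finally:
        shutil.rmtree(root)


if __name__ == '__main__':
    for name, value in demo().items():
        print(name, value)
```
<p>The hardened version checks <code>os.path.commonpath<\/code> on the resolved path rather than <code>str.startswith<\/code> on the raw input: <code>realpath<\/code> collapses the <code>..<\/code> segments and follows symlinks before the comparison, an absolute <code>img<\/code> (which <code>os.path.join<\/code> would otherwise honour as-is) is rejected the same way, and <code>commonpath<\/code> treats <code>images_evil<\/code> as outside <code>images<\/code> where a string prefix test would not.<\/p>
<p>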
By exploiting this, an attacker can exfiltrate any file readable by the Tautulli process, including the <code>config.ini<\/code> file, which holds the hashed admin password, and the <code>tautulli.db<\/code> SQLite database, which holds active JWT tokens.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>A request of the following shape exercises the flaw (the host name is a placeholder):<\/p>\n<pre><code class=\"\" data-line=\"\">GET \/real_pms_image_proxy?img=interfaces\/default\/images\/..\/..\/..\/..\/..\/etc\/passwd HTTP\/1.1\nHost: target.example.com<\/code><\/pre>\n<p>The <code>img<\/code> value passes the prefix check because it begins with <code>interfaces\/default\/images\/<\/code>; the five <code>..\/<\/code> segments that follow climb out of that directory, and the path is then joined and opened as-is, so the server returns <code>\/etc\/passwd<\/code>. The number of segments needed depends on where the Tautulli data directory sits, but over-counting is harmless because <code>..<\/code> at the filesystem root stays at the root. Against a real target the attacker substitutes Tautulli&#8217;s own <code>config.ini<\/code> and <code>tautulli.db<\/code>, whose location depends on the install, for the system file shown here.<\/p>\n<p><strong>Impact of the Exploit<\/strong><\/p>\n<p>Successful exploitation gives an unauthenticated attacker read access to any file the Tautulli process can read. 
With the hashed admin password and the active JWT tokens from <code>tautulli.db<\/code> in hand, the attacker can authenticate to the Tautulli web interface as the administrator (the tokens can be replayed directly, and the hash can be cracked offline), which exposes the Plex activity and user data Tautulli collects and everything the admin interface can configure.<\/p>\n<p><strong>Suggested Remediation<\/strong><\/p>\n<p>Upgrade to Tautulli v2.16.0, which contains the vendor fix. Until the upgrade is applied, do not expose the Tautulli web interface directly to the Internet, and use a Web Application Firewall (WAF) or Intrusion Detection System (IDS) to block or alert on requests to <code>real_pms_image_proxy<\/code> whose <code>img<\/code> parameter contains <code>..<\/code>, including percent-encoded forms such as <code>%2e%2e%2f<\/code>. After upgrading, confirm the fix by replaying the request above and checking that the server no longer returns file contents.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview CVE-2025-58761 is a path traversal vulnerability in Tautulli, a Python-based monitoring and tracking tool for Plex Media Server. Every Tautulli installation running v2.15.3 or earlier whose web interface is reachable over the network is affected. 
The gravity of this threat lies in its potential to give unauthenticated [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[85],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-75993","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-directory-traversal"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/75993","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=75993"}],"version-history":[{"count":12,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/75993\/revisions"}],"predecessor-version":[{"id":83874,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/75993\/revisions\/83874"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=75993"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=75993"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=75993"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=75993"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=75993"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp
\/v2\/attack_vector?post=75993"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=75993"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=75993"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=75993"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}