{"id":"CVE-2025-45317","details":"A zip slip vulnerability in the /modules/ImportModule.php component of hortusfox-web v4.4 allows attackers to execute arbitrary code via a crafted archive.","modified":"2026-04-10T05:27:05.863372Z","published":"2025-08-13T18:15:31.627Z","references":[{"type":"WEB","url":"https://github.com/danielbrendel/hortusfox-web/blob/8ab851101a62d8eb311235c118eeeb32a9b36978/app/modules/ImportModule.php#L28"},{"type":"EVIDENCE","url":"https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-45317/CVE-2025-45317.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/danielbrendel/hortusfox-web","events":[{"introduced":"0"},{"last_affected":"72ed3d329595144bfa3d450b69e53d4b810260b0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.4"}]}}],"versions":["v1.0","v1.1","v1.2","v1.3","v1.4","v1.5","v1.6","v2.0","v2.1","v2.2","v2.3","v2.4","v2.5","v3.0","v3.1","v3.2","v3.3","v3.4","v3.5","v3.6","v3.7","v3.8","v3.9","v4.0","v4.1","v4.2","v4.3","v4.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-45317.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}