Description
Directory traversal in Follett Software's Destiny Library Manager 22_0_2_rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter
Published: 2026-05-22
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 25 May 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Follett
Follett destiny Library Manager
Vendors & Products Follett
Follett destiny Library Manager

Fri, 22 May 2026 17:15:00 +0000

Type Values Removed Values Added
Title Directory Traversal Allowing Remote File Read in Follett Destiny Library Manager Directory Traversal Allows Remote File Read in Follett Destiny Library Manager

Fri, 22 May 2026 16:00:00 +0000

Type Values Removed Values Added
Title Directory Traversal Allowing Remote File Read in Follett Destiny Library Manager

Fri, 22 May 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 May 2026 14:30:00 +0000

Type Values Removed Values Added
Description Directory traversal in Follett Software's Destiny Library Manager 22_0_2_rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter
References

Subscriptions

Follett Destiny Library Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-22T14:52:28.087Z

Reserved: 2025-04-22T00:00:00.000Z

Link: CVE-2025-45145

cve-icon Vulnrichment

Updated: 2026-05-22T14:50:25.747Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-22T15:16:25.637

Modified: 2026-06-17T09:25:23.863

Link: CVE-2025-45145

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-25T11:34:28Z

Weaknesses