Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
Crystal Live HTTP Server 6.01 allows attackers to access system files
CVE-2019-25352
Summary
A flaw in the Crystal Live HTTP Server 6.01 allows an attacker to trick the server into showing sensitive system files by manipulating the URL. This could allow an attacker to access files they shouldn't have access to. To fix this, update to a newer version of the server software.
Original title
Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' se...
Original description
Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows system files.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-22
Path Traversal
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026