AIKIDO-2025-10408

kasmtech.KasmVNC is vulnerable to Path Traversal

Path Traversal | CVE-2024-38449 | Published Jun 25, 2025

77 (High Risk)

This Affects:

c++: kasmtech.KasmVNC
1.0.0 - 1.3.1
Fixed in 1.3.2

TL;DR

Kasm Technologies Inc's KasmVNC component is affected by a vulnerability that may allow an attacker to browse files on the underlying filesystem (commonly known as Path Traversal). The vulnerability required credentials and did not provide access to files the user didn't already have access to inside the KasmVNC session. It was not exposed or exploitable for sessions served by Kasm Workspaces; it applies only to the use of KasmVNC outside of Kasm Workspaces.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

kasmtech.KasmVNC is vulnerable to Path Traversal in versions 1.0.0 - 1.3.1.

How to fix this

Upgrade kasmtech.KasmVNC to the patched version (1.3.2).