CVE-2025-11939 | ChurchCRM up to 5.18.0 Backup Restore RestoreJob.php restoreFile path traversal
A vulnerability classified as critical was found in ChurchCRM up to 5.18.0. It affects unspecified processing in the file src/ChurchCRM/Backup/RestoreJob.php of the component Backup Restore Handler. Manipulating the argument restoreFile can lead to path traversal.
This vulnerability is identified as CVE-2025-11939. The attack may be launched remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.