{"id":66228,"date":"2025-07-14T14:37:29","date_gmt":"2025-07-14T11:07:29","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2024-26291-avid-nexis-unauthenticated-arbitrary-file-read-vulnerability\/"},"modified":"2025-07-14T14:37:29","modified_gmt":"2025-07-14T11:07:29","slug":"cve-2024-26291-avid-nexis-unauthenticated-arbitrary-file-read-vulnerability","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2024-26291-avid-nexis-unauthenticated-arbitrary-file-read-vulnerability\/","title":{"rendered":"CVE-2024-26291 &#8211; Avid NEXIS Unauthenticated Arbitrary File Read Vulnerability"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2024-26291<br \/>\n<br \/>\n<strong>Published : <\/strong> July 14, 2025, 9:15 a.m. | 1\u00a0hour, 14\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>The Application is vulnerable to an Unauthenticated Arbitrary File Read. This affects the<br \/>\nAgent installed on Linux and Windows alike. The parameter filename does not validate the<br \/>\npath thus allowing users to read arbitrary files. As<br \/>\nthe application runs with the highest privileges (root\/NT_AUTHORITY SYSTEM)<br \/>\nby default attackers are able to obtain sensitive information.<\/p>\n<p>This issue affects Avid NEXIS E-series: before 2025.5.1; Avid NEXIS F-series: before 2025.5.1; Avid NEXIS PRO+: before 2025.5.1; System Director Appliance (SDA+): before 2025.5.1.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 0.0 | NA<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2024-26291 Published : July 14, 2025, 9:15 a.m. | 1\u00a0hour, 14\u00a0minutes ago Description : The Application is vulnerable to an Unauthenticated Arbitrary File Read. This affects the Agent installed on Linux and Windows alike. The parameter filename does not validate the path thus allowing users to read arbitrary files. As the application &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-66228","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/66228","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=66228"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/66228\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=66228"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=66228"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=66228"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}