Apr 2026
Description
A directory traversal vulnerability exists when user‑supplied input is used to construct file paths without proper validation or normalization. By supplying specially crafted path sequences, an attacker can escape the intended restricted directory and access arbitrary files or directories on the underlying file system. This vulnerability may be exploited remotely via unauthenticated requests.
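The validation and normalization step described above, as an added example (not docuForm code; the advisory does not disclose the affected endpoint or parameter). All function names, the base directory and the sample inputs are hypothetical and constructed for illustration; treating backslashes as separators is an assumption for Windows-style input.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def naive_resolve(base: Path, user_path: str) -> Path:
    """Vulnerable pattern: joins user input onto base with no containment check."""
    return Path(os.path.normpath(base / user_path))


def safe_resolve(base: Path, user_path: str) -> Path:
    """Resolve user_path under base; raise ValueError if the result leaves base."""
    # Decode percent-encoding so encoded separators are visible to the check
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    root = base.resolve(strict=True)
    # Assumption: backslashes count as separators (Windows-style input).
    # resolve() collapses ".." and follows symlinks before the comparison.
    candidate = (root / decoded.replace("\\", "/")).resolve()
    # Component-wise comparison, so a sibling such as "docs-old" is not
    # mistaken for a child of "docs" the way a string-prefix test would be
    if not candidate.is_relative_to(root):
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def is_allowed(base: Path, user_path: str) -> bool:
    try:
        safe_resolve(base, user_path)
        return True
    except ValueError:
        return False


def demo() -> dict:
    """Run constructed sample inputs against a temporary directory tree."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "docs"
        base.mkdir()
        (base / "report.txt").write_text("ok")
        (Path(tmp) / "docs-old").mkdir()  # sibling sharing the name prefix
        samples = ["report.txt", "sub/../report.txt", "../docs-old/x",
                   "..%2f..%2fetc/passwd", "/etc/passwd", "..\\..\\secret.ini"]
        return {s: is_allowed(base, s) for s in samples}


if __name__ == "__main__":
    for sample, allowed in demo().items():
        print(f"{sample!r:28} -> {'allowed' if allowed else 'rejected'}")
```

The containment check runs on the fully resolved path, after decoding and symlink resolution, which is why it also rejects absolute paths and the sibling-directory case that a string-prefix comparison would accept.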
Details
  • Product: docuForm FSM Client
  • Affected Versions: 11.11c
  • Vulnerability Type: CWE-209: Information Exposure Through an Error Message
  • Risk Level: High - CVSS 3.1: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
  • Vendor URL: www.docuform.de
  • Vendor acknowledged vulnerability: Yes
  • CVE: CVE-2025-65418
Impact
Successful exploitation can allow an attacker to read sensitive files stored outside the application’s intended directory, including configuration files, application source code, system files, and user‑specific data.
Timeline
  • 2025-10: Vulnerability reported to the vendor.
  • 2025-11: Vendor published a fix for the issue.
  • 2026-04: Information about the vulnerability is published.
Credits