CVE-2025-41428 Information

Description

Improper limitation of a pathname to a restricted directory (‘Path Traversal’) issue exists in TimeWorks 10.0 to 10.3. If exploited arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.

Reference

https://jvn.jp/en/jp/JVN37075430/ https://www.keiyo-system.co.jp/archives/11310