Path Traversal Vulnerability (0332)
Description
Product Alert – February 2025 - CVE-2025-0332
- Progress® Telerik® UI for WinForms 2024 Q4 (2024.4.1113) or earlier.
Issue
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
What Are the Impacts
In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.
Solution
We have addressed the issue and the Progress Telerik team strongly recommends performing an upgrade to the latest version listed in the table below.
| Current Version | Guidance |
|---|---|
| 2024 Q4 (2024.4.1113) or earlier | Update to 2025 Q1 (2025.1.211) (update instructions) |
All customers who have a license for UI for WinForms can access the downloads at Product Downloads | Your Account.
Notes
- To check your version of Telerik UI for WinForms:
  - Via source code: Inspect the Version property of any of the Telerik.WinControls.* assembly references in the project.
  - Via deployed application: Locate any Telerik.WinControls.*.dll file in the application's directory, right-click, select Properties and view the Version in the Details tab.
- If you have any questions or concerns related to this issue, open a new Technical Support case in Your Account | Support Center. Technical Support is available to Telerik customers with an active support plan.
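The deployed-application check above can be scripted when there are many install folders to review. The following is an added example, not code from Progress or from the original advisory; the function name `Find-TelerikWinFormsVersion` and the `C:\Apps` root are hypothetical, and it assumes the file version stored in each DLL is the version the Details tab shows.

```powershell
# Added example: inventory Telerik.WinControls.*.dll files under one or more
# root folders and flag any whose file version is below the fixed release
# named in the advisory (2025 Q1, 2025.1.211).
function Find-TelerikWinFormsVersion {
    [CmdletBinding()]
    param(
        # Root folder(s) to scan, e.g. an application install directory.
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]] $Path,

        # First fixed version according to the advisory.
        [version] $FixedVersion = '2025.1.211'
    )
    process {
        foreach ($root in $Path) {
            if (-not (Test-Path -LiteralPath $root -PathType Container)) {
                Write-Warning "Skipping '$root': not a directory."
                continue
            }
            Get-ChildItem -LiteralPath $root -Filter 'Telerik.WinControls.*.dll' `
                          -File -Recurse -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $vi = $_.VersionInfo
                    # Build the version from the numeric parts; the FileVersion
                    # string may carry extra text that [version] cannot parse.
                    # A DLL without a version resource yields 0.0.0.0 and is
                    # therefore reported as needing review.
                    $fileVersion = [version]::new(
                        $vi.FileMajorPart, $vi.FileMinorPart,
                        $vi.FileBuildPart, $vi.FilePrivatePart)
                    [pscustomobject]@{
                        File        = $_.FullName
                        FileVersion = $fileVersion
                        NeedsUpdate = $fileVersion -lt $FixedVersion
                    }
                }
        }
    }
}

# Usage (C:\Apps is a placeholder root): list only the assemblies older than the fix.
Find-TelerikWinFormsVersion -Path 'C:\Apps' |
    Where-Object NeedsUpdate |
    Sort-Object FileVersion |
    Format-Table -AutoSize
```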
External References
CVE-2025-0332 (HIGH)
CVSS: 7.8
In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.