Mockoon before 9.2.0 contains a path traversal and local file inclusion caused by unsafe templating of server filenames from user input, letting attackers read arbitrary files on the mock server filesystem, exploit requires crafted request.
id: CVE-2025-59049
info:
name: Mockoon < 9.2.0 - Path Traversal
author: iamnoooob,rootxharsh,pd
...