app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin.
CVE-2025-66386: app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-admin.
Important cybersecurity news update