CVE-2025-69820

6.0 MEDIUM

📋 TL;DR

A directory traversal vulnerability in Beam beta9 v0.1.521 allows remote attackers to access sensitive files outside the intended directory via the joinCleanPath function. This affects systems running the vulnerable version of Beam beta9, potentially exposing configuration files, credentials, or other sensitive data.

💻 Affected Systems

Products:
  • Beam beta9
Versions: v0.1.521
Operating Systems: All platforms running Beam beta9
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the joinCleanPath function which fails to properly sanitize user input for directory traversal sequences.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through access to sensitive configuration files, credentials, or private keys leading to lateral movement or data exfiltration.

🟠

Likely Case

Unauthorized access to sensitive application files, configuration data, or user information stored on the server.

🟢

If Mitigated

Limited impact with proper file permissions, network segmentation, and input validation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal vulnerabilities are well-understood and easily exploitable with simple HTTP requests containing path traversal sequences, either literal ('../') or URL-encoded ('%2e%2e%2f'); no special tooling is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://github.com/aws/aws-sdk-php/security/advisories/GHSA-557v-xcg6-rm5m (caution: this URL sits under the aws/aws-sdk-php repository, not the Beam beta9 project, so it is unlikely to be the advisory for this CVE; confirm the correct advisory in the beta9 repository before relying on it)

Restart Required: Yes

Instructions:

1. Monitor the Beam beta9 repository for security updates.
2. Apply the official patch when available.
3. Restart the Beam beta9 service after patching.

🔧 Temporary Workarounds

Input Validation and Sanitization

Platform: all

Reject user-supplied paths that contain directory traversal sequences ('../', '..\' and their percent-encoded forms) before they reach any file system call. More robustly, resolve the joined path and confirm that the result still lies inside the intended base directory; a containment check on the resolved path is preferable to a substring filter, because the filter depends on the exact form the input arrives in and is bypassed by encodings or separator variants the filter did not anticipate.
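The following is an added illustration of the containment test a path-joining helper needs; it is not the beta9 joinCleanPath code and does not claim to show how that function fails. naiveJoin shows the generic pitfall (the joined path is cleaned, so '../' segments are resolved, but nothing checks where the result landed); safeJoin performs the same join and then rejects any result outside the base directory. The served directory /srv/data and the request strings are made up for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a request resolves outside the served directory.
var ErrOutsideBase = errors.New("path escapes base directory")

// naiveJoin illustrates the generic traversal pitfall: the joined path is
// cleaned, so "../" segments are resolved, but nothing checks where the
// result landed. Illustrative only; this is not the beta9 implementation.
func naiveJoin(base, userPath string) string {
	return filepath.Clean(filepath.Join(base, userPath))
}

// safeJoin joins userPath onto base and returns an error unless the lexically
// resolved result is base itself or a descendant of base.
func safeJoin(base, userPath string) (string, error) {
	cleanBase := filepath.Clean(base)
	// A client has no business sending an absolute path as a relative request.
	if filepath.IsAbs(userPath) {
		return "", ErrOutsideBase
	}
	joined := filepath.Join(cleanBase, userPath) // Join cleans the result
	if joined != cleanBase &&
		!strings.HasPrefix(joined, cleanBase+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return joined, nil
}

func main() {
	// Hypothetical served directory; the requests are constructed for the demo.
	base := filepath.Join(string(filepath.Separator), "srv", "data")
	for _, req := range []string{"report.txt", "sub/../other.txt", "../../etc/passwd", "/etc/passwd"} {
		got, err := safeJoin(base, req)
		fmt.Printf("%-20q naive=%-24s safe=%q err=%v\n", req, naiveJoin(base, req), got, err)
	}
}
```

Since Go 1.20 the standard library offers filepath.IsLocal for the same lexical test. The lexical check still trusts the file system layout: if the base directory contains a symlink that points elsewhere, resolve the final path with filepath.EvalSymlinks (or open files through os.Root on Go 1.24+) before serving it.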

File Permission Restrictions

Platform: linux

Restrict file system permissions so that the service account Beam beta9 runs under can read only what it needs; a traversal bug exposes exactly the files that process can open. Run the service as a dedicated unprivileged user rather than root, and tighten the secrets it should never see (paths below are placeholders):

chmod 600 /path/to/sensitive_files            # owner read/write only
chown root:root /path/to/sensitive_directories   # only helps if the service itself does not run as root

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) with rules to block directory traversal patterns
  • Isolate the vulnerable system in a segmented network zone with strict access controls

🔍 How to Verify

Check if Vulnerable:

Compare the deployed Beam beta9 release against v0.1.521: check the version reported by the running service, the container image tag, or the release tag pinned in your deployment configuration.

Check Version:

Check application logs, configuration files, or deployment manifests (image tags, pinned release versions) for the version actually running

Verify Fix Applied:

Test with controlled directory traversal attempts (the literal '../' form and the percent-encoded '%2e%2e%2f' form) against a non-production instance after implementing workarounds, and confirm that the requests are rejected rather than served.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../', '..\', or percent-encoded traversal sequences (%2e%2e%2f, %2e%2e/, double-encoded %252e%252e%252f) in path or query parameters
  • Unusual file access patterns from the application

Network Indicators:

  • HTTP requests with suspicious path parameters attempting directory traversal

SIEM Query:

source="web_logs" AND (uri="*../*" OR uri="*..\\*" OR uri="*%2e%2e*" OR uri="*%2E%2E*" OR uri="*%252e%252e*" OR uri="*%252E%252E*")

The two literal patterns alone miss percent-encoded and double-encoded traversal; include the encoded variants as above, or match on the decoded path if your platform normalises URIs before indexing.
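Wildcard matching on the raw URI is fragile. The following added Go program (not part of this page or of the beta9 project) shows the normalisation a detector needs before matching: repeated percent-decoding to defeat double encoding, folding backslashes into forward slashes, then matching a whole '..' segment so that legitimate names such as a..b do not alert. The log lines are constructed for the example in combined-log layout and are not real beta9 output.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// sampleLog holds constructed access-log lines (combined-log layout; not real
// beta9 output). Lines 2-5 and 7 carry traversal attempts in different encodings.
const sampleLog = `10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /files/report.txt HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2025:10:00:02 +0000] "GET /files/../../etc/passwd HTTP/1.1" 200 1844
10.0.0.7 - - [01/Jan/2025:10:00:03 +0000] "GET /files/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 200 900
10.0.0.7 - - [01/Jan/2025:10:00:04 +0000] "GET /files/%252e%252e/config.yaml HTTP/1.1" 404 0
10.0.0.9 - - [01/Jan/2025:10:00:05 +0000] "GET /files/..%5c..%5cwindows/win.ini HTTP/1.1" 200 92
10.0.0.5 - - [01/Jan/2025:10:00:06 +0000] "GET /files/a..b/notes.txt HTTP/1.1" 200 33
10.0.0.7 - - [01/Jan/2025:10:00:07 +0000] "GET /download?path=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1844`

// requestRe extracts client, timestamp, method, request target and status.
var requestRe = regexp.MustCompile(`^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})`)

// traversalRe matches a ".." segment delimited by a slash, the start of the
// string or a query delimiter, once normalisation has removed the encodings.
var traversalRe = regexp.MustCompile(`(^|[/?&=])\.\.(/|$)`)

// Hit is one flagged request.
type Hit struct {
	Client string
	Path   string
	Status string
}

// normalizePath percent-decodes up to three times (so %252e -> %2e -> .),
// turns backslashes into forward slashes and lower-cases the result.
func normalizePath(raw string) string {
	s := raw
	for i := 0; i < 3; i++ {
		next, err := url.PathUnescape(s)
		if err != nil || next == s {
			break
		}
		s = next
	}
	return strings.ToLower(strings.ReplaceAll(s, `\`, "/"))
}

// isTraversal reports whether the request target contains a ".." segment
// after the encoding tricks have been stripped.
func isTraversal(rawPath string) bool {
	return traversalRe.MatchString(normalizePath(rawPath))
}

// findTraversalRequests runs the detector over a block of log text.
func findTraversalRequests(logText string) []Hit {
	var hits []Hit
	for _, line := range strings.Split(logText, "\n") {
		m := requestRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		if isTraversal(m[4]) {
			hits = append(hits, Hit{Client: m[1], Path: m[4], Status: m[5]})
		}
	}
	return hits
}

func main() {
	for _, h := range findTraversalRequests(sampleLog) {
		fmt.Printf("%-9s status=%s %s\n", h.Client, h.Status, h.Path)
	}
}
```

Against the constructed lines the detector flags five requests, including the double-encoded and backslash variants that the raw-URI wildcards above would miss, and ignores the a..b filename. The HTTP status of each hit is worth keeping: a 200 on a traversal request means the file was likely served, whereas a 404 or 400 suggests the attempt was blocked.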

🔗 References
