IWX-CVE-2025-13057 (2025-01-22)
===============================

At approximately 13:47 Eastern, January 16, 2025, security researchers disclosed a new vulnerability where exploiting an .htaccess file could potentially provide access to other files on the server.

At approximately 09:12 Eastern, January 20, 2025, InterWorx released hotfixes to correct this vulnerability.

This vulnerability is considered critical. All InterWorx users are strongly encouraged to upgrade to the latest version, or confirm that the hotfix has been applied.

.. contents::

Affected InterWorx Versions
---------------------------

- All InterWorx 6 <= 6.14.5
- All InterWorx 7 <= 7.13.53
- All InterWorx 8 <= 8.0.29

Fixed in Versions
-----------------

- 6.14.5
- 7.13.54
- 8.0.30

Hotfixes Available
------------------

- interworx-hotfix-6.14.1.2344-38.noarch.rpm
- interworx-hotfix-6.14.5.2593-14.noarch.rpm
- interworx-hotfix-7.13.51.2923-2.noarch.rpm
- interworx-hotfix-7.13.52.2947-1.noarch.rpm
- interworx-hotfix-7.13.53.2951-1.noarch.rpm
- interworx-hotfix-8.0.27.2945-1.noarch.rpm
- interworx-hotfix-8.0.28.2949-1.noarch.rpm
- interworx-hotfix-8.0.29.2956-1.noarch.rpm

Installation and Verification
-----------------------------

On a standard InterWorx installation, hotfixes are automatically applied every 6 hours.

To verify whether a system has been patched:

#. Log in to the server at the CLI as root, either via SSH or from the terminal.

#. At the CLI, run the following command, and compare the output to the list above:

   .. code-block::

      rpm -q interworx-hotfix

#. If the version listed in the command output is not in the list above, run the following to attempt to install the latest hotfix:

   .. code-block::

      ~iworx/bin/hotfix.pex --install --force

#. Check the list again:

   .. code-block::

      rpm -q interworx-hotfix

If the hotfix version in the command output is still not one found in the above list, please :doc:`enable Remote Assistance ` and then `open a support ticket with InterWorx support `__.
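
The comparison in the verification steps above can be scripted when many servers need checking. The following is an added example, not InterWorx's own tooling: the function name ``classify_hotfix`` and the ``--live`` switch are this example's own, and the sample lines are constructed. Note that ``rpm -q`` prints the package name without the ``.rpm`` suffix that the advisory's list carries.

```shell
#!/bin/sh
# Added example (not InterWorx tooling): classify `rpm -q interworx-hotfix`
# output against the hotfix list published in this advisory.

# Package names copied from "Hotfixes Available", without the ".rpm" suffix,
# because `rpm -q` prints name-version-release.arch only.
FIXED_HOTFIXES="
interworx-hotfix-6.14.1.2344-38.noarch
interworx-hotfix-6.14.5.2593-14.noarch
interworx-hotfix-7.13.51.2923-2.noarch
interworx-hotfix-7.13.52.2947-1.noarch
interworx-hotfix-7.13.53.2951-1.noarch
interworx-hotfix-8.0.27.2945-1.noarch
interworx-hotfix-8.0.28.2949-1.noarch
interworx-hotfix-8.0.29.2956-1.noarch
"

# classify_hotfix LINE
# Prints and returns: patched (0), unlisted (1), missing (2).
classify_hotfix() {
    case "$1" in
        ""|*"is not installed"*) echo missing; return 2 ;;
    esac
    iw_pkg="${1%.rpm}"            # tolerate a file name pasted from the advisory
    for iw_fixed in $FIXED_HOTFIXES; do
        if [ "$iw_pkg" = "$iw_fixed" ]; then
            echo patched; return 0
        fi
    done
    # Exact match only, as the advisory instructs; an unlisted build is the
    # cue to run: ~iworx/bin/hotfix.pex --install --force
    echo unlisted; return 1
}

if [ "${1:-}" = "--live" ]; then
    # Query the real package database on the InterWorx server.
    classify_hotfix "$(rpm -q interworx-hotfix 2>&1)"
else
    # Constructed sample lines; the 2950 build number is made up for the demo.
    for iw_line in \
        "interworx-hotfix-7.13.53.2951-1.noarch" \
        "interworx-hotfix-7.13.53.2950-1.noarch" \
        "package interworx-hotfix is not installed"
    do
        printf '%s -> %s\n' "$iw_line" "$(classify_hotfix "$iw_line")"
    done
fi
```

Run with ``--live`` as root on the server; the exit status (0, 1 or 2) lets a fleet-wide loop flag hosts that still need the hotfix or a support ticket.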