In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in 1.47.4 (#7254) and further versions.Referenceshttps://area9.comhttps://security.area9lyceum.com/cve-2025-67810/
