Potential Path Traversal Vulnerability in Primavera P3 PRX and SureTrak STX readers
Published: July 03, 2026
SECURITY IDENTIFIERS
- GHSA: GHSA-7952-gx68-cjqr
- Vendor Advisory: https://github.com/joniles/mpxj/security/advisories/GHSA-7952-gx68-cjqr
GEM
SEVERITY
CVSS v3.x: 5.3 (Medium)
UNAFFECTED VERSIONS
< 7.3.0
PATCHED VERSIONS
>= 16.5.0
DESCRIPTION
Impact
When reading a suitably crafted PRX or STX file, MPXJ can be made to write files to arbitrary locations in the file system.
Workarounds
Do not read PRX or STX files from untrusted sources.
