Security Advisory

June 9, 2025
Paul

A security issue affecting Blesta versions 4.0.0 through 5.11.3 has been identified.

A path traversal vulnerability has been discovered, though the vulnerability does not allow the disclosure of Blesta configuration files. We recommend applying the appropriate patch for your release, or upgrading to version 5.11.4 as soon as possible. We give this an impact rating of High.

More information about how we rate vulnerabilities can be found on our Security Advisories page.

Always back up your files and database prior to upgrading, and be sure to run /admin/upgrade in your browser after uploading either a patch or a full release. A patch release may only be applied to the minor release to which it belongs, so download the appropriate patch for your minor version. If you are running a version of Blesta between 4.0 and 5.11, upgrade to 5.11.4.

Downloads

Download 5.11.4 Patch
Download 5.11.4 Full

% blesta-5.11.4.zip
6003fcf0caadc255b7b43e0a504b130e0a0f8751e22d270e9fd126299e018548

% blesta-5.11.0-5.11.4.zip
353996300dd83ceb91b887691aa1956b2be97dd5c481cd5acf290db51d5078f2

Download 5.10.4 Patch

% blesta-5.10.0-5.10.4.zip
37c102ac7f539a039d2b39354f60c5e504c617e32037a228a15b84009a097018

To patch your installation, please follow the instructions for Patching an Existing Install from our user manual.

Resolution

  • If you are running version 5.11.x, apply the 5.11.4 patch above.
  • If you are running version 5.10.x, apply the 5.10.4 patch above.
  • If you are running version 4.0.x through 5.11.x, upgrade to 5.11.4 Full.

Mitigation

It is best to upgrade to 5.11.4 or apply the appropriate patch. However, if you are running an affected unsupported version of Blesta (version 4.0 through 5.9) and you need more time to upgrade, it is possible to mitigate. We are not publishing mitigation steps now due to the nature of the vulnerability. For mitigation steps, open a ticket from within your account and provide your license key, the version of Blesta you are running, and the reason you are not able to upgrade.

Credits

This issue was reported by a customer in accordance with our Responsible Disclosure Policy.
