CWE-552
Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
CVE-2025-66625 (GCVE-0-2025-66625)
Vulnerability from cvelistv5 – Published: 2025-12-09 20:09 – Updated: 2025-12-12 20:33
VLAI
Title
Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality
Summary
Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application’s error responses (HTTP 500 when a file exists, 404 when it does not) allow the attacker to enumerate the existence of arbitrary files on the server’s filesystem. This vulnerability does not allow reading or writing file contents. In certain configurations, incomplete clean-up of temporary upload files may additionally expose the NTLM hash of the Windows account running the Umbraco application. This issue is fixed in version 13.12.1.
Severity
4.9 (Medium)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/umbraco/Umbraco-CMS/security/a… | x_refsource_CONFIRM |
| https://github.com/umbraco/Umbraco-CMS/commit/750… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| umbraco | Umbraco-CMS |
Affected:
10.0.0, < 13.12.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66625",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-12T20:33:00.507249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-12T20:33:09.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Umbraco-CMS",
"vendor": "umbraco",
"versions": [
{
"status": "affected",
"version": "10.0.0, \u003c 13.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temporary files in versions 10.0.0 through 13.12.0, during the dictionary upload process an attacker with access to the backoffice can trigger predictable requests to temporary file paths. The application\u2019s error responses (HTTP 500 when a file exists, 404 when it does not) allow the attacker to enumerate the existence of arbitrary files on the server\u2019s filesystem. This vulnerability does not allow reading or writing file contents. In certain configurations, incomplete clean-up of temporary upload files may additionally expose the NTLM hash of the Windows account running the Umbraco application. This issue is fixed in version 13.12.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "CWE-377: Insecure Temporary File",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T20:09:27.054Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-hfv2-pf68-m33x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-hfv2-pf68-m33x"
},
{
"name": "https://github.com/umbraco/Umbraco-CMS/commit/7505efd433189037f46547932d4a8b603fd4a615",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/umbraco/Umbraco-CMS/commit/7505efd433189037f46547932d4a8b603fd4a615"
}
],
"source": {
"advisory": "GHSA-hfv2-pf68-m33x",
"discovery": "UNKNOWN"
},
"title": "Umbraco Vulnerable to Improper File Access and Credential Exposure through Dictionary Import Functionality"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66625",
"datePublished": "2025-12-09T20:09:27.054Z",
"dateReserved": "2025-12-05T15:18:02.789Z",
"dateUpdated": "2025-12-12T20:33:09.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68109 (GCVE-0-2025-68109)
Vulnerability from cvelistv5 – Published: 2025-12-17 21:29 – Updated: 2025-12-18 15:08
VLAI
Title
ChurchCRM vulnerable to RCE with database restore functionality
Summary
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct access to it. Once accessed, the uploaded web shell allows remote code execution (RCE) on the server. Version 6.5.3 fixes the issue.
Severity
9.1 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-434 - Unrestricted Upload of File with Dangerous Type
- CWE-494 - Download of Code Without Integrity Check
- CWE-552 - Files or Directories Accessible to External Parties
- CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/ChurchCRM/CRM/security/advisor… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68109",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T14:55:15.851762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:08:39.365Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CRM",
"vendor": "ChurchCRM",
"versions": [
{
"status": "affected",
"version": "\u003c 6.5.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct access to it. Once accessed, the uploaded web shell allows remote code execution (RCE) on the server. Version 6.5.3 fixes the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494: Download of Code Without Integrity Check",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:29:39.452Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-pqm7-g8px-9r77",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ChurchCRM/CRM/security/advisories/GHSA-pqm7-g8px-9r77"
}
],
"source": {
"advisory": "GHSA-pqm7-g8px-9r77",
"discovery": "UNKNOWN"
},
"title": "ChurchCRM vulnerable to RCE with database restore functionality"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68109",
"datePublished": "2025-12-17T21:29:39.452Z",
"dateReserved": "2025-12-15T14:44:59.220Z",
"dateUpdated": "2025-12-18T15:08:39.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7389 (GCVE-0-2025-7389)
Vulnerability from cvelistv5 – Published: 2026-04-14 13:12 – Updated: 2026-04-14 14:04
VLAI
Title
Unauthorized Arbitrary File Read via RMI in AdminServer Interface
Summary
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server
through the adopted authority of the AdminServer process itself. The delegated authority of the AdminServer could allow its users the ability to read arbitrary files on the host system through the misuse of the setFile() and openFile()
methods exposed through the RMI interface. Misuse was limited only by OS-level authority of the AdminServer's elevated
privileges granted and the user's access to these methods enabled through RMI. The exploitable methods have been removed thus eliminating their access through RMI or downstream of the RMI registry.
Severity
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Progress Software Corporation | OpenEdge |
Affected:
OpenEdge 12.2.0 , ≤ 12.2.9
(custom)
Affected: OpenEdge 12.8.0 , ≤ 12.2.18 (custom) |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T14:01:57.322738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T14:04:52.165Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"OpenEdge AdminServer"
],
"platforms": [
"Windows",
"Linux",
"64 bit",
"32 bit"
],
"product": "OpenEdge",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThanOrEqual": "12.2.9",
"status": "affected",
"version": "OpenEdge 12.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "12.2.18",
"status": "affected",
"version": "OpenEdge 12.8.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thomas Riedmaier, Siemens Energy"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the \u003ccode\u003eAdminServer\u003c/code\u003e component of OpenEdge on all supported platforms grants its authenticated users\u0026nbsp;OS-level access to the server\nthrough the adopted authority of the AdminServer process itself.\u0026nbsp; The delegated authority of the AdminServer could allow its users the ability to read arbitrary files on the host system through the misuse of the \u003ccode\u003esetFile()\u003c/code\u003e and \u003ccode\u003eopenFile()\u003c/code\u003e\n methods exposed through the RMI interface.\u0026nbsp; Misuse was limited only by OS-level authority of the AdminServer\u0027s elevated \nprivileges granted and the user\u0027s access to these methods enabled through RMI.\u0026nbsp; The exploitable methods have been removed thus eliminating their access through RMI or downstream of the RMI registry."
}
],
"value": "A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users\u00a0OS-level access to the server\nthrough the adopted authority of the AdminServer process itself.\u00a0 The delegated authority of the AdminServer could allow its users the ability to read arbitrary files on the host system through the misuse of the setFile() and openFile()\n methods exposed through the RMI interface.\u00a0 Misuse was limited only by OS-level authority of the AdminServer\u0027s elevated \nprivileges granted and the user\u0027s access to these methods enabled through RMI.\u00a0 The exploitable methods have been removed thus eliminating their access through RMI or downstream of the RMI registry."
}
],
"impacts": [
{
"capecId": "CAPEC-497",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-497"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T13:12:54.559Z",
"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"shortName": "ProgressSoftware"
},
"references": [
{
"url": "https://community.progress.com/s/article/Important-Arbitrary-File-Ready-Security-Update-for-OpenEdge-AdminServer"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthorized Arbitrary File Read via RMI in AdminServer Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
"assignerShortName": "ProgressSoftware",
"cveId": "CVE-2025-7389",
"datePublished": "2026-04-14T13:12:54.559Z",
"dateReserved": "2025-07-09T13:01:22.716Z",
"dateUpdated": "2026-04-14T14:04:52.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9273 (GCVE-0-2025-9273)
Vulnerability from cvelistv5 – Published: 2025-09-02 20:00 – Updated: 2025-09-03 15:54
VLAI
Title
CData API Server MySQL Misconfiguration Information Disclosure Vulnerability
Summary
CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability.
The specific flaw exists within the usage of MySQL connections. When connecting to a MySQL server, the product enables an option that gives the MySQL server permission to request local files from the MySQL client. An attacker can leverage this vulnerability to disclose information in the context of NETWORK SERVICE. Was ZDI-CAN-23950.
Severity
4.3 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CData | API Server |
Affected:
23.0.8844.0
|
Date Public
2025-08-20 22:03
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T13:56:28.021643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T15:54:08.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "API Server",
"vendor": "CData",
"versions": [
{
"status": "affected",
"version": "23.0.8844.0"
}
]
}
],
"dateAssigned": "2025-08-20T18:06:10.878Z",
"datePublic": "2025-08-20T22:03:10.085Z",
"descriptions": [
{
"lang": "en",
"value": "CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the usage of MySQL connections. When connecting to a MySQL server, the product enables an option that gives the MySQL server permission to request local files from the MySQL client. An attacker can leverage this vulnerability to disclose information in the context of NETWORK SERVICE. Was ZDI-CAN-23950."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-02T20:00:19.498Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-25-852",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-852/"
}
],
"source": {
"lang": "en",
"value": "adhkr - LuwakLab"
},
"title": "CData API Server MySQL Misconfiguration Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2025-9273",
"datePublished": "2025-09-02T20:00:19.498Z",
"dateReserved": "2025-08-20T18:06:10.793Z",
"dateUpdated": "2025-09-03T15:54:08.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-2330 (GCVE-0-2026-2330)
Vulnerability from cvelistv5 – Published: 2026-03-06 07:54 – Updated: 2026-03-09 21:04
VLAI
Title
CVE-2026-2330
Summary
An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.
Severity
9.4 (Critical)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.sick.com/psirt | x_SICK PSIRT Security Advisories |
| https://www.sick.com/media/docs/9/19/719/special_… | x_SICK Operating Guidelines |
| https://www.cisa.gov/resources-tools/resources/ic… | x_ICS-CERT recommended practices on Industrial Security |
| https://www.first.org/cvss/calculator/3.1 | x_CVSS v3.1 Calculator |
| https://www.sick.com/.well-known/csaf/white/2026/… | x_The canonical URL. |
| https://www.sick.com/.well-known/csaf/white/2026/… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SICK AG | SICK Lector85x |
Affected:
0 , < 2.8.0
(custom)
|
|
| SICK AG | SICK Lector83x |
Affected:
0 , < 2.8.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T20:56:25.769774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T21:04:31.663Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK Lector85x",
"vendor": "SICK AG",
"versions": [
{
"lessThan": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SICK Lector83x",
"vendor": "SICK AG",
"versions": [
{
"lessThan": "2.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters.\u003c/p\u003e"
}
],
"value": "An attacker may access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Certain directories intended for internal testing were not covered by the whitelist and are accessible without authentication. An unauthenticated attacker could place a manipulated parameter file that becomes active after a reboot, allowing modification of critical device settings, including network configuration and application parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"environmentalScore": 9.4,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.4,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T07:54:45.958Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Security Advisories"
],
"url": "https://www.sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"x_The canonical URL."
],
"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.json"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUsers are strongly recommended to upgrade to release version 2.8.0.\u003c/p\u003e"
}
],
"value": "Users are strongly recommended to upgrade to release version 2.8.0."
}
],
"source": {
"advisory": "SCA-2026-0006",
"discovery": "INTERNAL"
},
"title": "CVE-2026-2330",
"x_generator": {
"engine": "csaf2cve 0.2.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2026-2330",
"datePublished": "2026-03-06T07:54:45.958Z",
"dateReserved": "2026-02-11T09:33:15.947Z",
"dateUpdated": "2026-03-09T21:04:31.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2331 (GCVE-0-2026-2331)
Vulnerability from cvelistv5 – Published: 2026-03-06 07:56 – Updated: 2026-03-09 21:04
VLAI
Title
CVE-2026-2331
Summary
An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.
Severity
9.8 (Critical)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.sick.com/psirt | x_SICK PSIRT Security Advisories |
| https://www.sick.com/media/docs/9/19/719/special_… | x_SICK Operating Guidelines |
| https://www.cisa.gov/resources-tools/resources/ic… | x_ICS-CERT recommended practices on Industrial Security |
| https://www.first.org/cvss/calculator/3.1 | x_CVSS v3.1 Calculator |
| https://www.sick.com/.well-known/csaf/white/2026/… | x_The canonical URL. |
| https://www.sick.com/.well-known/csaf/white/2026/… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SICK AG | SICK Lector85x |
Affected:
2.6.0 , ≤ 2.7.0
(custom)
|
|
| SICK AG | SICK Lector83x |
Affected:
2.6.0 , ≤ 2.7.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T20:55:24.319999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T21:04:31.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK Lector85x",
"vendor": "SICK AG",
"versions": [
{
"lessThanOrEqual": "2.7.0",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SICK Lector83x",
"vendor": "SICK AG",
"versions": [
{
"lessThanOrEqual": "2.7.0",
"status": "affected",
"version": "2.6.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment.\u003c/p\u003e"
}
],
"value": "An attacker may perform unauthenticated read and write operations on sensitive filesystem areas via the AppEngine Fileaccess over HTTP due to improper access restrictions. A critical filesystem directory was unintentionally exposed through the HTTP-based file access feature, allowing access without authentication. This includes device parameter files, enabling an attacker to read and modify application settings, including customer-defined passwords. Additionally, exposure of the custom application directory may allow execution of arbitrary Lua code within the sandboxed AppEngine environment."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T07:56:35.445Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Security Advisories"
],
"url": "https://www.sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"x_The canonical URL."
],
"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.json"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0006.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUsers are strongly recommended to upgrade to release version 2.8.0.\u003c/p\u003e"
}
],
"value": "Users are strongly recommended to upgrade to release version 2.8.0."
}
],
"source": {
"advisory": "SCA-2026-0006",
"discovery": "INTERNAL"
},
"title": "CVE-2026-2331",
"x_generator": {
"engine": "csaf2cve 0.2.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2026-2331",
"datePublished": "2026-03-06T07:56:35.445Z",
"dateReserved": "2026-02-11T09:33:16.256Z",
"dateUpdated": "2026-03-09T21:04:31.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24732 (GCVE-0-2026-24732)
Vulnerability from cvelistv5 – Published: 2026-03-04 12:13 – Updated: 2026-03-04 14:27
VLAI
Title
Improper permission checks in Extension:NSFileRepo
Summary
Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This issue affects BlueSpice: from 5.1 through 5.1.3, from 5.2 through 5.2.0.
HINT: Versions provided apply to BlueSpice MediaWiki releases. For Extension:NSFileRepo the affected versions are 3.0 < 3.0.5
Severity
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hallo Welt! GmbH | BlueSpice |
Affected:
5.1 , ≤ 5.1.3
(semver)
Affected: 5.2 , ≤ 5.2.0 (semver) |
Date Public
2025-09-18 12:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T14:26:52.232334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T14:27:00.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Extension:NSFileRepo"
],
"packageName": "Extension:NSFileRepo",
"product": "BlueSpice",
"vendor": "Hallo Welt! GmbH",
"versions": [
{
"lessThanOrEqual": "5.1.3",
"status": "affected",
"version": "5.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.0",
"status": "affected",
"version": "5.2",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-09-18T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.\u003cp\u003eThis issue affects BlueSpice: from 5.1 through 5.1.3, from 5.2 through 5.2.0.\u003c/p\u003e\u003cp\u003eHINT: Versions provided apply to BlueSpice MediaWiki releases. For\u0026nbsp;Extension:NSFileRepo the affected versions are 3.0 \u0026lt; 3.0.5\u003c/p\u003e"
}
],
"value": "Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This issue affects BlueSpice: from 5.1 through 5.1.3, from 5.2 through 5.2.0.\n\nHINT: Versions provided apply to BlueSpice MediaWiki releases. For\u00a0Extension:NSFileRepo the affected versions are 3.0 \u003c 3.0.5"
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
},
{
"capecId": "CAPEC-395",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-395 Bypassing Electronic Locks and Access Controls"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "PRESENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/S:P/AU:Y/RE:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T13:09:58.832Z",
"orgId": "ff95705b-1a40-4639-8017-a58fa868baee",
"shortName": "HW"
},
"references": [
{
"url": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2026-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper permission checks in Extension:NSFileRepo",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Make sure\u0026nbsp;\u003ccode\u003e\u003ccode\u003e$wgGroupPermissions[\u0027*\u0027][\u0027read\u0027]\u003c/code\u003e\u003c/code\u003e\u003ccode\u003e\u003c/code\u003e is set to \u003ccode\u003efalse\u003c/code\u003e in the\u0026nbsp; \u003ccode\u003eLocalSettings.php\u003c/code\u003e."
}
],
"value": "Make sure\u00a0$wgGroupPermissions[\u0027*\u0027][\u0027read\u0027] is set to false in the\u00a0 LocalSettings.php."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff95705b-1a40-4639-8017-a58fa868baee",
"assignerShortName": "HW",
"cveId": "CVE-2026-24732",
"datePublished": "2026-03-04T12:13:09.918Z",
"dateReserved": "2026-02-06T14:21:19.100Z",
"dateUpdated": "2026-03-04T14:27:00.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25137 (GCVE-0-2026-25137)
Vulnerability from cvelistv5 – Published: 2026-02-02 22:47 – Updated: 2026-02-04 16:53
VLAI
Title
NixOs Odoo database and filestore publicly accessible with default odoo configuration
Summary
The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store. Unauthorized access is evident from http requests. If kept, searching access logs and/or Odoos log for requests to /web/database can give indicators, if this has been actively exploited. The database manager is a featured intended for development and not meant to be publicly reachable. On other setups, a master password acts as 2nd line of defence. However, due to the nature of NixOS, Odoo is not able to modify its own configuration file and thus unable to persist the auto-generated password. This also applies when manually setting a master password in the web-UI. This means, the password is lost when restarting Odoo. When no password is set, the user is prompted to set one directly via the database manager. This requires no authentication or action by any authorized user or the system administrator. Thus, the database is effectively world readable by anyone able to reach Odoo. This vulnerability is fixed in 25.11 and 26.05.
Severity
9.1 (Critical)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/NixOS/nixpkgs/security/advisor… | x_refsource_CONFIRM |
| https://github.com/NixOS/nixpkgs/pull/485310 | x_refsource_MISC |
| https://github.com/NixOS/nixpkgs/pull/485454 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25137",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T15:55:17.650303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:53:13.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nixpkgs",
"vendor": "NixOS",
"versions": [
{
"status": "affected",
"version": "\u003e= 21.11, \u003c 25.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store. Unauthorized access is evident from http requests. If kept, searching access logs and/or Odoos log for requests to /web/database can give indicators, if this has been actively exploited. The database manager is a featured intended for development and not meant to be publicly reachable. On other setups, a master password acts as 2nd line of defence. However, due to the nature of NixOS, Odoo is not able to modify its own configuration file and thus unable to persist the auto-generated password. This also applies when manually setting a master password in the web-UI. This means, the password is lost when restarting Odoo. When no password is set, the user is prompted to set one directly via the database manager. This requires no authentication or action by any authorized user or the system administrator. Thus, the database is effectively world readable by anyone able to reach Odoo. This vulnerability is fixed in 25.11 and 26.05."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-02T22:47:50.167Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NixOS/nixpkgs/security/advisories/GHSA-cwmq-6wv5-f3px",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NixOS/nixpkgs/security/advisories/GHSA-cwmq-6wv5-f3px"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/485310",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/pull/485310"
},
{
"name": "https://github.com/NixOS/nixpkgs/pull/485454",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NixOS/nixpkgs/pull/485454"
}
],
"source": {
"advisory": "GHSA-cwmq-6wv5-f3px",
"discovery": "UNKNOWN"
},
"title": "NixOs Odoo database and filestore publicly accessible with default odoo configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25137",
"datePublished": "2026-02-02T22:47:50.167Z",
"dateReserved": "2026-01-29T14:03:42.540Z",
"dateUpdated": "2026-02-04T16:53:13.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25231 (GCVE-0-2026-25231)
Vulnerability from cvelistv5 – Published: 2026-02-09 18:34 – Updated: 2026-02-10 16:01
VLAI
Title
FileRise affected by an Unauthenticated File Read Due to Insufficient Access Control
Summary
FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or can guess the file path, without requiring authentication. As a result, sensitive data could be exposed, and privacy may be breached. This vulnerability is fixed in 3.3.0.
Severity
7.5 (High)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/error311/FileRise/security/adv… | x_refsource_CONFIRM |
| https://github.com/error311/FileRise/releases/tag… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T15:39:55.256400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:01:25.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FileRise",
"vendor": "error311",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploads directory. Files uploaded to this directory can be accessed directly by any user who knows or can guess the file path, without requiring authentication. As a result, sensitive data could be exposed, and privacy may be breached. This vulnerability is fixed in 3.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T18:34:36.858Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/error311/FileRise/security/advisories/GHSA-hv99-77cw-hvpr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/error311/FileRise/security/advisories/GHSA-hv99-77cw-hvpr"
},
{
"name": "https://github.com/error311/FileRise/releases/tag/v3.3.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/error311/FileRise/releases/tag/v3.3.0"
}
],
"source": {
"advisory": "GHSA-hv99-77cw-hvpr",
"discovery": "UNKNOWN"
},
"title": "FileRise affected by an Unauthenticated File Read Due to Insufficient Access Control"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25231",
"datePublished": "2026-02-09T18:34:36.858Z",
"dateReserved": "2026-01-30T14:44:47.328Z",
"dateUpdated": "2026-02-10T16:01:25.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-29066 (GCVE-0-2026-29066)
Vulnerability from cvelistv5 – Published: 2026-03-12 16:57 – Updated: 2026-03-13 16:27
VLAI
Title
Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI
Summary
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. This vulnerability is fixed in 2.1.8.
Severity
6.2 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/tinacms/tinacms/security/advis… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-29066",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T16:27:18.883170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T16:27:22.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cli",
"vendor": "@tinacms",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite\u0027s built-in filesystem access restriction. This allows any unauthenticated attacker who can reach the dev server to read arbitrary files on the host system. This vulnerability is fixed in 2.1.8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:57:41.393Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tinacms/tinacms/security/advisories/GHSA-m48g-4wr2-j2h6"
}
],
"source": {
"advisory": "GHSA-m48g-4wr2-j2h6",
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-29066",
"datePublished": "2026-03-12T16:57:41.393Z",
"dateReserved": "2026-03-03T20:51:43.482Z",
"dateUpdated": "2026-03-13T16:27:22.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phases: Implementation, System Configuration, Operation
Description:
- When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.