CVE-2025-53534 (GCVE-0-2025-53534)
Vulnerability from cvelistv5 – Published: 2025-08-05 20:58 – Updated: 2025-08-06 19:21
VLAI?
Summary
RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6.
Severity ?
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53534",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T19:20:45.629155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T19:21:42.760Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "panel",
"vendor": "tnb-labs",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.3.19, \u003c 2.5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305: Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T20:58:56.350Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg"
},
{
"name": "https://github.com/tnborg/panel/commit/ed5c74c7534230ba685273504af4c1e1e3598ff1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tnborg/panel/commit/ed5c74c7534230ba685273504af4c1e1e3598ff1"
},
{
"name": "https://github.com/tnborg/panel/releases/tag/v2.5.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tnborg/panel/releases/tag/v2.5.6"
}
],
"source": {
"advisory": "GHSA-fm3m-jrgm-5ppg",
"discovery": "UNKNOWN"
},
"title": "RatPanel can perform remote command execution without authorization"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53534",
"datePublished": "2025-08-05T20:58:56.350Z",
"dateReserved": "2025-07-02T15:15:11.515Z",
"dateUpdated": "2025-08-06T19:21:42.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-53534\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-05T21:15:38.897\",\"lastModified\":\"2025-08-06T20:23:52.133\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6.\"},{\"lang\":\"es\",\"value\":\"RatPanel es un panel de gesti\u00f3n de operaciones y mantenimiento de servidores. En las versiones 2.3.19 a 2.5.5, cuando un atacante obtiene la ruta de acceso del backend de RatPanel (incluyendo, entre otras, rutas predeterminadas d\u00e9biles, ataques de fuerza bruta, etc.), puede ejecutar comandos del sistema o tomar el control de los hosts administrados por el panel sin iniciar sesi\u00f3n. Adem\u00e1s de esta vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE), el c\u00f3digo defectuoso tambi\u00e9n permite accesos no autorizados. RatPanel utiliza el middleware CleanPath, proporcionado por el paquete github.com/go-chi/chi, para limpiar las URL, pero este middleware no procesa r.URL.Path, lo que puede provocar la malinterpretaci\u00f3n de las rutas. Esto se solucion\u00f3 en la versi\u00f3n 2.5.6.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-305\"}]}],\"references\":[{\"url\":\"https://github.com/tnborg/panel/commit/ed5c74c7534230ba685273504af4c1e1e3598ff1\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/tnborg/panel/releases/tag/v2.5.6\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-53534\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-06T19:20:45.629155Z\"}}}], \"references\": [{\"url\": \"https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-06T16:14:53.446Z\"}}], \"cna\": {\"title\": \"RatPanel can perform remote command execution without authorization\", \"source\": {\"advisory\": \"GHSA-fm3m-jrgm-5ppg\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"tnb-labs\", \"product\": \"panel\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 2.3.19, \u003c 2.5.6\"}]}], \"references\": [{\"url\": \"https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg\", \"name\": \"https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/tnborg/panel/commit/ed5c74c7534230ba685273504af4c1e1e3598ff1\", \"name\": \"https://github.com/tnborg/panel/commit/ed5c74c7534230ba685273504af4c1e1e3598ff1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tnborg/panel/releases/tag/v2.5.6\", \"name\": \"https://github.com/tnborg/panel/releases/tag/v2.5.6\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-305\", \"description\": \"CWE-305: Authentication Bypass by Primary Weakness\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-05T20:58:56.350Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-53534\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-06T19:21:42.760Z\", \"dateReserved\": \"2025-07-02T15:15:11.515Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-05T20:58:56.350Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2025-53534
Vulnerability from fkie_nvd - Published: 2025-08-05 21:15 - Updated: 2025-08-06 20:23
Severity ?
Summary
RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6."
},
{
"lang": "es",
"value": "RatPanel es un panel de gesti\u00f3n de operaciones y mantenimiento de servidores. En las versiones 2.3.19 a 2.5.5, cuando un atacante obtiene la ruta de acceso del backend de RatPanel (incluyendo, entre otras, rutas predeterminadas d\u00e9biles, ataques de fuerza bruta, etc.), puede ejecutar comandos del sistema o tomar el control de los hosts administrados por el panel sin iniciar sesi\u00f3n. Adem\u00e1s de esta vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE), el c\u00f3digo defectuoso tambi\u00e9n permite accesos no autorizados. RatPanel utiliza el middleware CleanPath, proporcionado por el paquete github.com/go-chi/chi, para limpiar las URL, pero este middleware no procesa r.URL.Path, lo que puede provocar la malinterpretaci\u00f3n de las rutas. Esto se solucion\u00f3 en la versi\u00f3n 2.5.6."
}
],
"id": "CVE-2025-53534",
"lastModified": "2025-08-06T20:23:52.133",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-05T21:15:38.897",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/tnborg/panel/commit/ed5c74c7534230ba685273504af4c1e1e3598ff1"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/tnborg/panel/releases/tag/v2.5.6"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-305"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-FM3M-JRGM-5PPG
Vulnerability from github – Published: 2025-08-04 20:46 – Updated: 2025-08-06 14:12
VLAI?
Summary
RatPanel can perform remote command execution without authorization
Details
Summary
- When an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in.
- In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access.
Details
In Go, r.URL.Path retrieves the part of the URL that comes after the port and before the query parameters or anchor symbols. For example, in the URL http://localhost:8080/api/ws/ssh?id=1, the retrieved path would be /api/ws/ssh.
However, if the request is made to http://localhost:8080//api/ws/ssh?id=1, the parsed r.URL.Path would be //api/ws/ssh.
RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, The route path inside the chi router will be cleaned to /api/ws/ssh, but this middleware does not process r.URL.Path, so the path is still //api/ws/ssh.
In the must_login middleware, RatPanel uses r.URL.Path to match the hard-coded prefix whitelist, because /api/ws does not match //api/ws. The must_login middleware will allow the request, but //api/ws has been cleaned to /api/ws in the chi router. This inconsistency leads to authentication bypass and accessing the dangerous interfaces such as /api/ws/exec and /api/ws/ssh.
But there are some limitations. Before exploiting this interface, the attacker must first identify the correct backend address of ratpanel to activate session legitimacy—specifically, to ensure sess.Put("verify_entrance", true). That said, accessing /api/ws only requires activating the session and does not require completing further authentication or login steps. Therefore, this is assessed to be a remotely exploitable command execution vulnerability with moderate severity.
PoC
I first carried session=......, accessed the backend login page normally(without completing the authentication process), activated the session, and then used the _wsdump.py script provided by the Python websocket-client library to complete the authentication and exploit the vulnerability.
Because of the authorization code
// internal/http/middleware/must_login.go
if slices.Contains(whiteList, r.URL.Path) || !strings.HasPrefix(r.URL.Path, "/api") {
next.ServeHTTP(w, r)
return
}
This vulnerability affects the authorization mechanism across all APIs, for example
This authentication vulnerability appears to affect versions v2.3.19 to v2.5.5.
Data packet
GET //api/...... HTTP/2
Host: IP:PORT
Cookie: session=XXXXXX
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Connection: close
python _wsdump.py wss://ip:port//api/ws/exec --headers "Cookie: session=xxxxxx" -n
Impact
Users running Ratpanel versions v2.3.19 to v2.5.5—especially those who have exposed their admin panel login URL or use weak login URL paths—are vulnerable to unauthorized access. Additionally, versions v2.5.1 to v2.5.5 are susceptible to server and hosted machine takeover.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/tnborg/panel"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.19"
},
{
"fixed": "2.5.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/tnborg/panel"
},
"ranges": [
{
"events": [
{
"introduced": "0.0.0-20241111062800-91ecd04c2700"
},
{
"fixed": "0.0.0-20250707071915-4985eb2e1f38"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-53534"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-305",
"CWE-436"
],
"github_reviewed": true,
"github_reviewed_at": "2025-08-04T20:46:32Z",
"nvd_published_at": "2025-08-05T21:15:38Z",
"severity": "HIGH"
},
"details": "### Summary\n\n* When an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel **without logging in**.\n* In addition to this **remote code execution (RCE) vulnerability**, the flawed code also leads to **unauthorized access**.\n\n### Details\n\nIn Go, `r.URL.Path` retrieves the part of the URL that comes after the port and before the query parameters or anchor symbols. For example, in the URL `http://localhost:8080/api/ws/ssh?id=1`, the retrieved path would be `/api/ws/ssh`.\n\nHowever, if the request is made to `http://localhost:8080//api/ws/ssh?id=1`, the parsed `r.URL.Path` would be `//api/ws/ssh`. \n\nRatPanel uses the `CleanPath` middleware provided by `github.com/go-chi/chi` package to clean URLs, The route path inside the chi router will be cleaned to `/api/ws/ssh`, but this middleware does not process `r.URL.Path`, so the path is still `//api/ws/ssh`.\n\n\n\nIn the `must_login` middleware, RatPanel uses `r.URL.Path` to match the hard-coded prefix whitelist, because `/api/ws` does not match `//api/ws`. The `must_login` middleware will allow the request, but `//api/ws` has been cleaned to `/api/ws` in the chi router. This inconsistency leads to authentication bypass and accessing the dangerous interfaces such as `/api/ws/exec` and `/api/ws/ssh`.\n\n\n\nBut there are some limitations. Before exploiting this interface, the attacker must first identify the correct backend address of ratpanel to activate session legitimacy\u2014specifically, to ensure `sess.Put(\"verify_entrance\", true)`. That said, accessing `/api/ws` only requires activating the session and does not require completing further authentication or login steps. Therefore, this is assessed to be a remotely exploitable command execution vulnerability with moderate severity.\n\n\n### PoC\n\nI first carried `session=......`, accessed the backend login page normally` (without completing the authentication process)`, activated the session, and then used the [_wsdump.py](https://github.com/websocket-client/websocket-client/blob/master/websocket/_wsdump.py) script provided by the Python websocket-client library to complete the authentication and exploit the vulnerability.\n\n\n\n\n\nBecause of the authorization code\n\n```golang\n// internal/http/middleware/must_login.go\nif slices.Contains(whiteList, r.URL.Path) || !strings.HasPrefix(r.URL.Path, \"/api\") {\n next.ServeHTTP(w, r)\n return\n}\n```\n\nThis vulnerability affects the authorization mechanism across all APIs, for example\n\n\n\n\nThis authentication vulnerability appears to affect versions **v2.3.19 to v2.5.5**.\n\n---\n\nData packet\n\n```text\nGET //api/...... HTTP/2\nHost: IP:PORT\nCookie: session=XXXXXX\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\nAccept-Encoding: gzip, deflate\nContent-Type: application/json; charset=UTF-8\nConnection: close\n\n\n```\n\n```cmd\npython _wsdump.py wss://ip:port//api/ws/exec --headers \"Cookie: session=xxxxxx\" -n\n```\n\n### Impact\n\nUsers running Ratpanel versions v2.3.19 to v2.5.5\u2014especially those who have exposed their admin panel login URL or use weak login URL paths\u2014are vulnerable to unauthorized access. Additionally, versions v2.5.1 to v2.5.5 are susceptible to server and hosted machine takeover.",
"id": "GHSA-fm3m-jrgm-5ppg",
"modified": "2025-08-06T14:12:21Z",
"published": "2025-08-04T20:46:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tnborg/panel/security/advisories/GHSA-fm3m-jrgm-5ppg"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53534"
},
{
"type": "WEB",
"url": "https://github.com/tnborg/panel/commit/4985eb2e1f388ecd6faf331941c13cb97368ec1d"
},
{
"type": "WEB",
"url": "https://github.com/tnborg/panel/commit/91ecd04c270061429f9df5ec19cd6b96a9f595f2"
},
{
"type": "WEB",
"url": "https://github.com/tnborg/panel/commit/ed5c74c7534230ba685273504af4c1e1e3598ff1"
},
{
"type": "PACKAGE",
"url": "https://github.com/tnborg/panel"
},
{
"type": "WEB",
"url": "https://github.com/tnborg/panel/releases/tag/v2.5.6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "RatPanel can perform remote command execution without authorization"
}
OPENSUSE-SU-2025:15434-1
Vulnerability from csaf_opensuse - Published: 2025-08-12 00:00 - Updated: 2025-08-12 00:00Summary
govulncheck-vulndb-0.0.20250811T192933-1.1 on GA media
Notes
Title of the patch
govulncheck-vulndb-0.0.20250811T192933-1.1 on GA media
Description of the patch
These are all security issues fixed in the govulncheck-vulndb-0.0.20250811T192933-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15434
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "govulncheck-vulndb-0.0.20250811T192933-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250811T192933-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15434",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15434-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21411 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21411/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-44779 page",
"url": "https://www.suse.com/security/cve/CVE-2025-44779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-50738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-50738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53534 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53534/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53942 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53942/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54386 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54388 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54388/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54410 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54410/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54424 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54576 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54799 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54799/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54801 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54801/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54996 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54997 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54997/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54998 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54999 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55000 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55001 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55003 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5999 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5999/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6000 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6004 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6011 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6014 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6014/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6015 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6015/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6037 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-7195 page",
"url": "https://www.suse.com/security/cve/CVE-2025-7195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-8341 page",
"url": "https://www.suse.com/security/cve/CVE-2025-8341/"
}
],
"title": "govulncheck-vulndb-0.0.20250811T192933-1.1 on GA media",
"tracking": {
"current_release_date": "2025-08-12T00:00:00Z",
"generator": {
"date": "2025-08-12T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15434-1",
"initial_release_date": "2025-08-12T00:00:00Z",
"revision_history": [
{
"date": "2025-08-12T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"product": {
"name": "govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"product_id": "govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"product": {
"name": "govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"product_id": "govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"product": {
"name": "govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"product_id": "govulncheck-vulndb-0.0.20250811T192933-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64",
"product": {
"name": "govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64",
"product_id": "govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64"
},
"product_reference": "govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le"
},
"product_reference": "govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250811T192933-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x"
},
"product_reference": "govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
},
"product_reference": "govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-21411",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21411"
}
],
"notes": [
{
"category": "general",
"text": "OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. The `--gitlab-group` flag for group-based authorization in the GitLab provider stopped working in the v7.0.0 release. Regardless of the flag settings, authorization wasn\u0027t restricted. Additionally, any authenticated users had whichever groups were set in `--gitlab-group` added to the new `X-Forwarded-Groups` header to the upstream application. While adding GitLab project based authorization support in #630, a bug was introduced where the user session\u0027s groups field was populated with the `--gitlab-group` config entries instead of pulling the individual user\u0027s group membership from the GitLab Userinfo endpoint. When the session groups where compared against the allowed groups for authorization, they matched improperly (since both lists were populated with the same data) so authorization was allowed. This impacts GitLab Provider users who relies on group membership for authorization restrictions. Any authenticated users in your GitLab environment can access your applications regardless of `--gitlab-group` membership restrictions. This is patched in v7.1.0. There is no workaround for the Group membership bug. But `--gitlab-project` can be set to use Project membership as the authorization checks instead of groups; it is not broken.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21411",
"url": "https://www.suse.com/security/cve/CVE-2021-21411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-21411"
},
{
"cve": "CVE-2025-44779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-44779"
}
],
"notes": [
{
"category": "general",
"text": "An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-44779",
"url": "https://www.suse.com/security/cve/CVE-2025-44779"
},
{
"category": "external",
"summary": "SUSE Bug 1247810 for CVE-2025-44779",
"url": "https://bugzilla.suse.com/1247810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-44779"
},
{
"cve": "CVE-2025-50738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-50738"
}
],
"notes": [
{
"category": "general",
"text": "The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing such an image, their browser automatically fetches the image URL without explicit user consent or interaction beyond viewing the memo. This can be exploited by an attacker to disclose the viewing user\u0027s IP address, browser User-Agent string, and potentially other request-specific information to the attacker-controlled server, leading to information disclosure and user tracking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-50738",
"url": "https://www.suse.com/security/cve/CVE-2025-50738"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-50738"
},
{
"cve": "CVE-2025-53534",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53534"
}
],
"notes": [
{
"category": "general",
"text": "RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53534",
"url": "https://www.suse.com/security/cve/CVE-2025-53534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "not set"
}
],
"title": "CVE-2025-53534"
},
{
"cve": "CVE-2025-53942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53942"
}
],
"notes": [
{
"category": "general",
"text": "authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0-rc1 through 2025.6.3, deactivated users who registered through OAuth/SAML or linked their accounts to OAuth/SAML providers can still retain partial access to the system despite their accounts being deactivated. They end up in a half-authenticated state where they cannot access the API but crucially they can authorize applications if they know the URL of the application. To workaround this issue, developers can add an expression policy to the user login stage on the respective authentication flow with the expression of return request.context[\"pending_user\"].is_active. This modification ensures that the return statement only activates the user login stage when the user is active. This issue is fixed in versions authentik 2025.4.4 and 2025.6.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53942",
"url": "https://www.suse.com/security/cve/CVE-2025-53942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-53942"
},
{
"cve": "CVE-2025-54386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54386"
}
],
"notes": [
{
"category": "general",
"text": "Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik\u0027s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54386",
"url": "https://www.suse.com/security/cve/CVE-2025-54386"
},
{
"category": "external",
"summary": "SUSE Bug 1247524 for CVE-2025-54386",
"url": "https://bugzilla.suse.com/1247524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-54386"
},
{
"cve": "CVE-2025-54388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54388"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules including those created by Docker. While Docker should automatically recreate these rules, versions before 28.3.3 fail to recreate the specific rules that block external access to containers. This means that after a firewalld reload, containers with ports published to localhost (like 127.0.0.1:8080) become accessible from remote machines that have network routing to the Docker bridge, even though they should only be accessible from the host itself. The vulnerability only affects explicitly published ports - unpublished ports remain protected. This issue is fixed in version 28.3.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54388",
"url": "https://www.suse.com/security/cve/CVE-2025-54388"
},
{
"category": "external",
"summary": "SUSE Bug 1247367 for CVE-2025-54388",
"url": "https://bugzilla.suse.com/1247367"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-54388"
},
{
"cve": "CVE-2025-54410",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54410"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails to re-create iptables rules that isolate bridge networks, allowing any container to access all ports on any other container across different bridge networks on the same host. This breaks network segmentation between containers that should be isolated, creating significant risk in multi-tenant environments. Only containers in --internal networks remain protected.\nWorkarounds include reloading firewalld and either restarting the docker daemon, re-creating bridge networks, or using rootless mode. Maintainers anticipate a fix for this issue in version 25.0.13.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54410",
"url": "https://www.suse.com/security/cve/CVE-2025-54410"
},
{
"category": "external",
"summary": "SUSE Bug 1247392 for CVE-2025-54410",
"url": "https://bugzilla.suse.com/1247392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-54410"
},
{
"cve": "CVE-2025-54424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54424"
}
],
"notes": [
{
"category": "general",
"text": "1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate validation, leading to unauthorized interface access. Due to the presence of numerous command execution or high-privilege interfaces in 1Panel, this results in Remote Code Execution (RCE). This is fixed in version 2.0.6. The CVE has been translated from Simplified Chinese using GitHub Copilot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54424",
"url": "https://www.suse.com/security/cve/CVE-2025-54424"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-54424"
},
{
"cve": "CVE-2025-54576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54576"
}
],
"notes": [
{
"category": "general",
"text": "OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into existing reverse proxy or load balancer setups. In versions 7.10.0 and below, oauth2-proxy deployments are vulnerable when using the skip_auth_routes configuration option with regex patterns. Attackers can bypass authentication by crafting URLs with query parameters that satisfy configured regex patterns, allowing unauthorized access to protected resources. The issue stems from skip_auth_routes matching against the full request URI. Deployments using skip_auth_routes with regex patterns containing wildcards or broad matching patterns are most at risk. This issue is fixed in version 7.11.0. Workarounds include: auditing all skip_auth_routes configurations for overly permissive patterns, replacing wildcard patterns with exact path matches where possible, ensuring regex patterns are properly anchored (starting with ^ and ending with $), or implementing custom validation that strips query parameters before regex matching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54576",
"url": "https://www.suse.com/security/cve/CVE-2025-54576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-54576"
},
{
"cve": "CVE-2025-54799",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54799"
}
],
"notes": [
{
"category": "general",
"text": "Let\u0027s Encrypt client and ACME library written in Go (Lego). In versions 4.25.1 and below, the github.com/go-acme/lego/v4/acme/api package (thus the lego library and the lego cli as well) don\u0027t enforce HTTPS when talking to CAs as an ACME client. Unlike the http-01 challenge which solves an ACME challenge over unencrypted HTTP, the ACME protocol requires HTTPS when a client communicates with the CA to performs ACME functions. However, the library fails to enforce HTTPS both in the original discover URL (configured by the library user) and in the subsequent addresses returned by the CAs in the directory and order objects. If users input HTTP URLs or CAs misconfigure endpoints, protocol operations occur over HTTP instead of HTTPS. This compromises privacy by exposing request/response details like account and request identifiers to network attackers. This was fixed in version 4.25.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54799",
"url": "https://www.suse.com/security/cve/CVE-2025-54799"
},
{
"category": "external",
"summary": "SUSE Bug 1247743 for CVE-2025-54799",
"url": "https://bugzilla.suse.com/1247743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-54799"
},
{
"cve": "CVE-2025-54801",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54801"
}
],
"notes": [
{
"category": "general",
"text": "Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber\u0027s Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704), the application crashes due to an out-of-bounds slice allocation in the underlying schema decoder. The root cause is that the decoder attempts to allocate a slice of length idx + 1 without validating whether the index is within a safe or reasonable range. If the idx is excessively large, this leads to an integer overflow or memory exhaustion, causing a panic or crash. This is fixed in version 2.52.9.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54801",
"url": "https://www.suse.com/security/cve/CVE-2025-54801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "not set"
}
],
"title": "CVE-2025-54801"
},
{
"cve": "CVE-2025-54996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54996"
}
],
"notes": [
{
"category": "general",
"text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to the root policy. While the identity system allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the root policy was restricted to manual generation using unseal or recovery key shares. The global root policy was not accessible from child namespaces. This issue is fixed in version 2.3.2. To workaround this vulnerability, use of denied_parameters in any policy which has access to the affected identity endpoints (on identity entities) may be sufficient to prohibit this type of attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54996",
"url": "https://www.suse.com/security/cve/CVE-2025-54996"
},
{
"category": "external",
"summary": "SUSE Bug 1247888 for CVE-2025-54996",
"url": "https://bugzilla.suse.com/1247888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-54996"
},
{
"cve": "CVE-2025-54997",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54997"
}
],
"notes": [
{
"category": "general",
"text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing system code or making network connections. However, these operators can bypass both restrictions through the audit subsystem by manipulating log prefixes. This allows unauthorized code execution and network access that violates the intended security model. This issue is fixed in version 2.3.2. To workaround, users can block access to sys/audit/* endpoints using explicit deny policies, but root operators cannot be restricted this way.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54997",
"url": "https://www.suse.com/security/cve/CVE-2025-54997"
},
{
"category": "external",
"summary": "SUSE Bug 1247889 for CVE-2025-54997",
"url": "https://bugzilla.suse.com/1247889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-54997"
},
{
"cve": "CVE-2025-54998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54998"
}
],
"notes": [
{
"category": "general",
"text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by different aliasing between pre-flight and full login request user entity alias attributions. This is fixed in version 2.3.2. To work around this issue, existing users may apply rate-limiting quotas on the authentication endpoints:, see https://openbao.org/api-docs/system/rate-limit-quotas/.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54998",
"url": "https://www.suse.com/security/cve/CVE-2025-54998"
},
{
"category": "external",
"summary": "SUSE Bug 1247890 for CVE-2025-54998",
"url": "https://bugzilla.suse.com/1247890"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-54998"
},
{
"cve": "CVE-2025-54999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54999"
}
],
"notes": [
{
"category": "general",
"text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao\u0027s userpass auth method, user enumeration was possible due to timing difference between non-existent users and users with stored credentials. This is independent of whether the supplied credentials were valid for the given user. This issue was fixed in version 2.3.2. To work around this issue, users may use another auth method or apply rate limiting quotas to limit the number of requests in a period of time: https://openbao.org/api-docs/system/rate-limit-quotas/.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54999",
"url": "https://www.suse.com/security/cve/CVE-2025-54999"
},
{
"category": "external",
"summary": "SUSE Bug 1247891 for CVE-2025-54999",
"url": "https://bugzilla.suse.com/1247891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-54999"
},
{
"cve": "CVE-2025-55000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55000"
}
],
"notes": [
{
"category": "general",
"text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao\u0027s TOTP secrets engine could accept valid codes multiple times rather than strictly-once. This was caused by unexpected normalization in the underlying TOTP library. To work around, ensure that all codes are first normalized before submitting to the OpenBao endpoint. TOTP code verification is a privileged action; only trusted systems should be verifying codes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55000",
"url": "https://www.suse.com/security/cve/CVE-2025-55000"
},
{
"category": "external",
"summary": "SUSE Bug 1247892 for CVE-2025-55000",
"url": "https://bugzilla.suse.com/1247892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-55000"
},
{
"cve": "CVE-2025-55001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55001"
}
],
"notes": [
{
"category": "general",
"text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity aliases, chosen by the underlying auth method. When the username_as_alias=true parameter in the LDAP auth method was in use, the caller-supplied username was used verbatim without normalization, allowing an attacker to bypass alias-specific MFA requirements. This issue was fixed in version 2.3.2. To work around this, remove all usage of the username_as_alias=true parameter and update any entity aliases accordingly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55001",
"url": "https://www.suse.com/security/cve/CVE-2025-55001"
},
{
"category": "external",
"summary": "SUSE Bug 1247893 for CVE-2025-55001",
"url": "https://bugzilla.suse.com/1247893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-55001"
},
{
"cve": "CVE-2025-55003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55003"
}
],
"notes": [
{
"category": "general",
"text": "OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao\u0027s Login Multi-Factor Authentication (MFA) system allows enforcing MFA using Time-based One Time Password (TOTP). Due to normalization applied by the underlying TOTP library, codes were accepted which could contain whitespace; this whitespace could bypass internal rate limiting of the MFA method and allow reuse of existing MFA codes. This issue was fixed in version 2.3.2. To work around this, use of rate-limiting quotas can limit an attacker\u0027s ability to exploit this: https://openbao.org/api-docs/system/rate-limit-quotas/.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55003",
"url": "https://www.suse.com/security/cve/CVE-2025-55003"
},
{
"category": "external",
"summary": "SUSE Bug 1247894 for CVE-2025-55003",
"url": "https://bugzilla.suse.com/1247894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-55003"
},
{
"cve": "CVE-2025-5999",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5999"
}
],
"notes": [
{
"category": "general",
"text": "A privileged Vault operator with write permissions to the root namespace\u0027s identity endpoint could escalate their own or another user\u0027s token privileges to Vault\u0027s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5999",
"url": "https://www.suse.com/security/cve/CVE-2025-5999"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-5999"
},
{
"cve": "CVE-2025-6000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6000"
}
],
"notes": [
{
"category": "general",
"text": "A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault\u0027s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6000",
"url": "https://www.suse.com/security/cve/CVE-2025-6000"
},
{
"category": "external",
"summary": "SUSE Bug 1247546 for CVE-2025-6000",
"url": "https://bugzilla.suse.com/1247546"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-6000"
},
{
"cve": "CVE-2025-6004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6004"
}
],
"notes": [
{
"category": "general",
"text": "Vault and Vault Enterprise\u0027s (\"Vault\") user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6004",
"url": "https://www.suse.com/security/cve/CVE-2025-6004"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-6004"
},
{
"cve": "CVE-2025-6011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6011"
}
],
"notes": [
{
"category": "general",
"text": "A timing side channel in Vault and Vault Enterprise\u0027s (\"Vault\") userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault\u0027s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6011",
"url": "https://www.suse.com/security/cve/CVE-2025-6011"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-6011"
},
{
"cve": "CVE-2025-6013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6013"
}
],
"notes": [
{
"category": "general",
"text": "Vault and Vault Enterprise\u0027s (\"Vault\") ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and 1.16.24.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6013",
"url": "https://www.suse.com/security/cve/CVE-2025-6013"
},
{
"category": "external",
"summary": "SUSE Bug 1247698 for CVE-2025-6013",
"url": "https://bugzilla.suse.com/1247698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-6013"
},
{
"cve": "CVE-2025-6014",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6014"
}
],
"notes": [
{
"category": "general",
"text": "Vault and Vault Enterprise\u0027s (\"Vault\") TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6014",
"url": "https://www.suse.com/security/cve/CVE-2025-6014"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-6014"
},
{
"cve": "CVE-2025-6015",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6015"
}
],
"notes": [
{
"category": "general",
"text": "Vault and Vault Enterprise\u0027s (\"Vault\") login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6015",
"url": "https://www.suse.com/security/cve/CVE-2025-6015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-6015"
},
{
"cve": "CVE-2025-6037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6037"
}
],
"notes": [
{
"category": "general",
"text": "Vault and Vault Enterprise (\"Vault\") TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6037",
"url": "https://www.suse.com/security/cve/CVE-2025-6037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-6037"
},
{
"cve": "CVE-2025-7195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-7195"
}
],
"notes": [
{
"category": "general",
"text": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. \n\nIn affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-7195",
"url": "https://www.suse.com/security/cve/CVE-2025-7195"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-7195"
},
{
"cve": "CVE-2025-8341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-8341"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints.\n\n\nIf the plugin was configured to allow only certain URLs, an attacker could bypass this restriction using a specially crafted URL. This vulnerability is fixed in version 3.4.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-8341",
"url": "https://www.suse.com/security/cve/CVE-2025-8341"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250811T192933-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-8341"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…