FKIE_CVE-2025-30352
Vulnerability from fkie_nvd - Published: 2025-03-26 18:15 - Updated: 2025-08-26 01:41
Severity ?
Summary
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the `search` query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. Because the set of items returned shows whether a restricted field matches the searched value, this allows the contents of those fields to be enumerated. The cause is that the searchable columns (numbers & strings) are not checked against the user's field permissions when the `where` clauses for the search query are built. Version 11.5.0 fixes the issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:monospace:directus:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "A325DF47-2060-4AB3-B23A-3E49FB326B99",
"versionEndExcluding": "11.5.0",
"versionStartIncluding": "9.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha10:*:*:*:node.js:*:*",
"matchCriteriaId": "57E957B1-893E-433F-87F0-578F79A0588C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha11:*:*:*:node.js:*:*",
"matchCriteriaId": "DACEC925-A059-41FE-AC2B-801BFF3934CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha12:*:*:*:node.js:*:*",
"matchCriteriaId": "406882F6-A01E-4648-A32A-1C8868BBF22C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha13:*:*:*:node.js:*:*",
"matchCriteriaId": "05490D09-A45C-407C-A8EE-832694AD7BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha14:*:*:*:node.js:*:*",
"matchCriteriaId": "DAAB7BAA-2678-40A6-A307-E770C7D1A39A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha15:*:*:*:node.js:*:*",
"matchCriteriaId": "C921077E-DF8F-4E5E-BE39-4F2514FF7965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha16:*:*:*:node.js:*:*",
"matchCriteriaId": "A2454930-529A-40BD-8C78-9E7B50814A8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha17:*:*:*:node.js:*:*",
"matchCriteriaId": "1307B32A-12DC-43D7-9B92-AEB57E208FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha18:*:*:*:node.js:*:*",
"matchCriteriaId": "0FF46870-7A9F-485F-82C4-28605C271A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha19:*:*:*:node.js:*:*",
"matchCriteriaId": "81809A12-1D08-425C-A158-3EC277760915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha20:*:*:*:node.js:*:*",
"matchCriteriaId": "A41BE61B-B73A-445D-9470-91F5C557FEDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha21:*:*:*:node.js:*:*",
"matchCriteriaId": "3119C562-9579-469A-A15D-34BC83742F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha22:*:*:*:node.js:*:*",
"matchCriteriaId": "FDABCC24-0BAD-4273-9462-A86068FC69C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha23:*:*:*:node.js:*:*",
"matchCriteriaId": "02071B13-14CE-4F4A-BC7B-DDDAC9E55F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha24:*:*:*:node.js:*:*",
"matchCriteriaId": "44BFEE06-A74F-44C3-BBC1-828BFBB011BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha25:*:*:*:node.js:*:*",
"matchCriteriaId": "38470832-C67F-4BC1-BC32-6CDD5803B665",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha26:*:*:*:node.js:*:*",
"matchCriteriaId": "7FBC0113-A30A-44EF-915B-1F1223DC22E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha27:*:*:*:node.js:*:*",
"matchCriteriaId": "2120E7BF-7560-4CDA-86EB-CC5B2A872F1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha31:*:*:*:node.js:*:*",
"matchCriteriaId": "06864B05-6E46-4F15-B75B-3F5A4A86AF72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha32:*:*:*:node.js:*:*",
"matchCriteriaId": "A5EDDAA8-866A-428B-8071-6B4FE6DA146A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha33:*:*:*:node.js:*:*",
"matchCriteriaId": "65AD8FCD-9C99-4E73-86C6-6830757F00AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha34:*:*:*:node.js:*:*",
"matchCriteriaId": "1F8FDF4D-D4D3-463C-AF01-3D92B1402DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha35:*:*:*:node.js:*:*",
"matchCriteriaId": "160C0A93-BD3F-403F-94FC-DFDAE5B45601",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha36:*:*:*:node.js:*:*",
"matchCriteriaId": "38F094AA-8531-4BE7-96B3-14B1B7BCDAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha37:*:*:*:node.js:*:*",
"matchCriteriaId": "774E7656-2420-4145-B7D5-1DFE219D0C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha38:*:*:*:node.js:*:*",
"matchCriteriaId": "B8B2437D-0280-4E6A-B297-46FD4BFD335C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha39:*:*:*:node.js:*:*",
"matchCriteriaId": "0736A783-87F2-4492-938C-342731B63D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha4:*:*:*:node.js:*:*",
"matchCriteriaId": "971BC038-CF56-4E12-97C8-AC7F3C42F2FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha40:*:*:*:node.js:*:*",
"matchCriteriaId": "C8E325A8-0FA5-47EE-B277-85667E10AC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha41:*:*:*:node.js:*:*",
"matchCriteriaId": "80245E5E-5BC9-48CB-B9F4-CDFEA644D344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha42:*:*:*:node.js:*:*",
"matchCriteriaId": "D9D1733E-0AB2-49D5-9861-CF90DEF7D4DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha5:*:*:*:node.js:*:*",
"matchCriteriaId": "CE63E33F-F203-4C9F-87FE-7FDDA4AC1AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha6:*:*:*:node.js:*:*",
"matchCriteriaId": "4996A47D-58D2-45DB-AFB5-12878B302FA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha7:*:*:*:node.js:*:*",
"matchCriteriaId": "0B677943-841D-4F89-BF8D-8BA6C34DF759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha8:*:*:*:node.js:*:*",
"matchCriteriaId": "3B53EAED-F218-45A4-9457-B9D4BBA2D508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:alpha9:*:*:*:node.js:*:*",
"matchCriteriaId": "7506F506-3826-4DA1-8ABD-1E5C06F01F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta0:*:*:*:node.js:*:*",
"matchCriteriaId": "4D4F7DA2-0287-4CA0-B862-1AD63286BC22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta1:*:*:*:node.js:*:*",
"matchCriteriaId": "4FCB6396-1F7E-4F07-837B-C62F1394AD7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta10:*:*:*:node.js:*:*",
"matchCriteriaId": "ECC79DA9-EEFA-466E-839A-CEDA2301CBBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta11:*:*:*:node.js:*:*",
"matchCriteriaId": "CB7F184D-E022-4F6F-8E54-A16D3CC9C591",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta12:*:*:*:node.js:*:*",
"matchCriteriaId": "B73F733C-2125-4C0E-B18A-D48AE2EF2C68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta13:*:*:*:node.js:*:*",
"matchCriteriaId": "FD44AB56-F4DA-48C3-8F5B-E44DD2DB13D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta14:*:*:*:node.js:*:*",
"matchCriteriaId": "D96225EC-4251-4870-B030-4434C5BFCA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta2:*:*:*:node.js:*:*",
"matchCriteriaId": "65918BFA-0DD1-4F1A-AB7E-FDFB7870C3D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta3:*:*:*:node.js:*:*",
"matchCriteriaId": "E000D241-5083-4556-AFCB-06E5B8EC8492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta4:*:*:*:node.js:*:*",
"matchCriteriaId": "50530CFF-9DA9-424B-BFE9-1B11D13A03C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta5:*:*:*:node.js:*:*",
"matchCriteriaId": "051BA743-AB9F-4A40-829B-5511222DB49A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta7:*:*:*:node.js:*:*",
"matchCriteriaId": "3ED84BB1-99C7-43CC-BF12-6678575128C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta8:*:*:*:node.js:*:*",
"matchCriteriaId": "2D5A5B7D-C2C2-412E-A1FA-86B9C8E89301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:beta9:*:*:*:node.js:*:*",
"matchCriteriaId": "50AFC47C-4278-440F-9760-7916F41F5CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc0:*:*:*:node.js:*:*",
"matchCriteriaId": "79DF48A1-E6B7-4E79-BA98-BFC8D83988C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc1:*:*:*:node.js:*:*",
"matchCriteriaId": "ADC6B9DE-1F0E-4B4B-83C9-A33D7D00BF60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc10:*:*:*:node.js:*:*",
"matchCriteriaId": "E587B50F-C95F-404A-949D-6AA505D97D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc100:*:*:*:node.js:*:*",
"matchCriteriaId": "F33CB7DE-A45C-4A4F-846E-5AA00915EAE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc101:*:*:*:node.js:*:*",
"matchCriteriaId": "ABBAA85D-8820-42DF-A092-3455F42CC54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc11:*:*:*:node.js:*:*",
"matchCriteriaId": "857ED8BB-9AB7-4EE5-B7E3-B0739ABAC320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc12:*:*:*:node.js:*:*",
"matchCriteriaId": "01020B23-511F-46AE-9377-DE98FF106955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc13:*:*:*:node.js:*:*",
"matchCriteriaId": "BC8375B9-EBFE-43B3-B622-094934D2A3DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc14:*:*:*:node.js:*:*",
"matchCriteriaId": "0AE5CC78-5DD8-4EB0-93DC-A2259D1C233C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc15:*:*:*:node.js:*:*",
"matchCriteriaId": "2D6DEB65-65A3-42B3-AF4D-B5B0C2ECAFAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc17:*:*:*:node.js:*:*",
"matchCriteriaId": "CB37DCD9-3174-4F38-A197-560461220A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc18:*:*:*:node.js:*:*",
"matchCriteriaId": "90965BB7-2ADE-4CBB-84F9-F0769FD33E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc19:*:*:*:node.js:*:*",
"matchCriteriaId": "58F83ADF-13B6-4C16-A446-95FFA2DDFAB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc2:*:*:*:node.js:*:*",
"matchCriteriaId": "018F0D61-1045-4668-97CB-1A6C78BF50DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc20:*:*:*:node.js:*:*",
"matchCriteriaId": "4D3F4961-6960-4F76-8860-0D0A90FDEBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc21:*:*:*:node.js:*:*",
"matchCriteriaId": "D61539A8-E63D-40F9-A71C-BEA16E320E1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc22:*:*:*:node.js:*:*",
"matchCriteriaId": "C0938C0A-902F-4111-B1A8-9E133C538B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc23:*:*:*:node.js:*:*",
"matchCriteriaId": "F1E89060-50E6-4E9E-9B1E-7A99D583F9FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc24:*:*:*:node.js:*:*",
"matchCriteriaId": "3F3BCC59-5FA3-44D7-95C6-53F87B95346F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc25:*:*:*:node.js:*:*",
"matchCriteriaId": "F76B2AD3-503A-492E-BD47-6C8EF4F03163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc26:*:*:*:node.js:*:*",
"matchCriteriaId": "845F2552-DA69-4C12-BA6E-74AFC85FF25E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc27:*:*:*:node.js:*:*",
"matchCriteriaId": "438648F2-5A4D-4BB6-B2E8-4FA14985E7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc28:*:*:*:node.js:*:*",
"matchCriteriaId": "8B3E718B-D593-4305-B96B-6EFB2B1013FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc29:*:*:*:node.js:*:*",
"matchCriteriaId": "5A06E8BC-2666-44C9-9254-18C5D2EE30CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc3:*:*:*:node.js:*:*",
"matchCriteriaId": "7219A713-5E0F-43DD-805B-D320BE36970F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc30:*:*:*:node.js:*:*",
"matchCriteriaId": "D3189111-179B-4461-A923-232B526DAA91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc31:*:*:*:node.js:*:*",
"matchCriteriaId": "A47BA605-78FC-41CD-8144-1E9925EB9FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc32:*:*:*:node.js:*:*",
"matchCriteriaId": "185165D0-1CBB-451F-B7B1-69F32C8890B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc33:*:*:*:node.js:*:*",
"matchCriteriaId": "E5411DD0-02BF-4DEC-9F11-CBD64E5A5827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc34:*:*:*:node.js:*:*",
"matchCriteriaId": "E7918F2B-7C73-4B5D-9182-7CC90EE45609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc35:*:*:*:node.js:*:*",
"matchCriteriaId": "02AAD6F7-E04F-44DD-B9E9-ED2EAF877CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc36:*:*:*:node.js:*:*",
"matchCriteriaId": "6B388B8A-9D60-4367-8BBA-B902E68DB06C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc37:*:*:*:node.js:*:*",
"matchCriteriaId": "457FC628-B2A6-48FB-846E-37241C286C8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc38:*:*:*:node.js:*:*",
"matchCriteriaId": "1AB9AE8A-5410-4F81-85F5-9634A5F09CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc39:*:*:*:node.js:*:*",
"matchCriteriaId": "E9D94B15-5E66-42F5-B977-5926AC78B3B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc4:*:*:*:node.js:*:*",
"matchCriteriaId": "C9D896EA-2FC1-46D9-A359-1765911911E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc40:*:*:*:node.js:*:*",
"matchCriteriaId": "47D34C99-94F0-4576-8323-829E9F947467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc41:*:*:*:node.js:*:*",
"matchCriteriaId": "18B25751-F979-46A2-80A3-306AD24DB6E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc42:*:*:*:node.js:*:*",
"matchCriteriaId": "AD733506-5883-4659-AFDD-622BAAE6A268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc43:*:*:*:node.js:*:*",
"matchCriteriaId": "67763EB8-CA42-4329-BED4-A5918672708B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc44:*:*:*:node.js:*:*",
"matchCriteriaId": "B3C51051-FAC5-465F-94F7-1ACE4AEC3CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc45:*:*:*:node.js:*:*",
"matchCriteriaId": "45181B19-7268-4A1A-B171-97ADBEA20B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc46:*:*:*:node.js:*:*",
"matchCriteriaId": "88D47305-5072-4558-BD08-7D9C1E8941EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc47:*:*:*:node.js:*:*",
"matchCriteriaId": "CBA492F0-0D20-4014-AAAE-F869676B10AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc48:*:*:*:node.js:*:*",
"matchCriteriaId": "D151C9A4-56A6-4DB0-AF16-0FC5F47B79A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc49:*:*:*:node.js:*:*",
"matchCriteriaId": "8DF1C900-D3BC-48EB-AACA-D4CD9141DC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc5:*:*:*:node.js:*:*",
"matchCriteriaId": "905C3CB9-386E-4069-8024-78F754D4D68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc50:*:*:*:node.js:*:*",
"matchCriteriaId": "63006537-E1EE-45B9-9D2A-472B18C7AC61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc51:*:*:*:node.js:*:*",
"matchCriteriaId": "994ADB6B-05BB-45AC-AA8E-B5E7F563CD73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc52:*:*:*:node.js:*:*",
"matchCriteriaId": "E281F85A-075C-4C7D-8161-71988D913645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc53:*:*:*:node.js:*:*",
"matchCriteriaId": "AE9EB722-4D14-4195-931B-F43DCF02DD82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc54:*:*:*:node.js:*:*",
"matchCriteriaId": "2C107B59-6187-4751-A5D4-0E376BC8DD86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc55:*:*:*:node.js:*:*",
"matchCriteriaId": "68A5AC87-91F6-4AC6-B24A-FFEB1F5230F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc56:*:*:*:node.js:*:*",
"matchCriteriaId": "94147F63-BFA8-4E7F-A123-CADC0860787B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc57:*:*:*:node.js:*:*",
"matchCriteriaId": "DDBC68C4-5989-4360-A271-99C453A5F89C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc58:*:*:*:node.js:*:*",
"matchCriteriaId": "C3527E35-25E2-4FC0-9F2C-1391A7970F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc59:*:*:*:node.js:*:*",
"matchCriteriaId": "BF6DC07D-A6C3-4E83-AA85-2D6681435000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc6:*:*:*:node.js:*:*",
"matchCriteriaId": "F3F09869-87E3-4800-A710-9C7941CDEFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc60:*:*:*:node.js:*:*",
"matchCriteriaId": "C5B82980-7A69-41BD-B81F-388230F1F4AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc61:*:*:*:node.js:*:*",
"matchCriteriaId": "9B0105D6-6D65-4EA7-B578-D6FA47C0256F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc62:*:*:*:node.js:*:*",
"matchCriteriaId": "7C177176-589B-46FE-A7F9-52A252068700",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc63:*:*:*:node.js:*:*",
"matchCriteriaId": "6C9A5054-D29D-40C5-B9FA-8C8987815BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc64:*:*:*:node.js:*:*",
"matchCriteriaId": "42EDA79D-0816-476C-B2B2-15E1D577B304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc65:*:*:*:node.js:*:*",
"matchCriteriaId": "A3C73CFD-7D69-4B52-BE88-92BE5E95948E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc66:*:*:*:node.js:*:*",
"matchCriteriaId": "B4789366-7B3A-4719-8633-7CD77231AD4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc67:*:*:*:node.js:*:*",
"matchCriteriaId": "77ABA1B7-BEC0-4844-AC3D-C50A5F95A975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc68:*:*:*:node.js:*:*",
"matchCriteriaId": "C5B334CE-C90C-4C16-BC8A-31EB96E08424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc69:*:*:*:node.js:*:*",
"matchCriteriaId": "626AB55C-5EA2-4BF1-B71D-AA3C3F938079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc7:*:*:*:node.js:*:*",
"matchCriteriaId": "5D74C6A7-DAB2-4332-8812-5006AC7C5059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc70:*:*:*:node.js:*:*",
"matchCriteriaId": "F6936811-46AC-4FBF-BF9A-B79C26903F60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc71:*:*:*:node.js:*:*",
"matchCriteriaId": "BEB1D541-83EB-4696-BB4C-459D2868E3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc72:*:*:*:node.js:*:*",
"matchCriteriaId": "9B673CB8-3D2C-4B5F-8C74-B0CB6A4E4AE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc73:*:*:*:node.js:*:*",
"matchCriteriaId": "30627639-77FB-4BD2-BAA6-B836D69C6CB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc74:*:*:*:node.js:*:*",
"matchCriteriaId": "DC13B24F-0654-4EE9-9560-F9B1C84964BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc75:*:*:*:node.js:*:*",
"matchCriteriaId": "45678A24-A6C5-4102-9556-C3C437E51034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc76:*:*:*:node.js:*:*",
"matchCriteriaId": "FDA41F0C-5EE0-4441-A332-FE8EE0BBD559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc77:*:*:*:node.js:*:*",
"matchCriteriaId": "54DBA109-30ED-469B-AC70-1F31EFFD895F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc78:*:*:*:node.js:*:*",
"matchCriteriaId": "B8A55B14-3AD3-407E-964E-C211D1C5F018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc79:*:*:*:node.js:*:*",
"matchCriteriaId": "FE0630B0-6279-424B-94F1-78589D369D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc8:*:*:*:node.js:*:*",
"matchCriteriaId": "4304B6AF-77C8-4897-B7AC-C7799F4B3D1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc80:*:*:*:node.js:*:*",
"matchCriteriaId": "13DEE564-F460-4A9B-93B9-A0750B5A1095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc81:*:*:*:node.js:*:*",
"matchCriteriaId": "26F7F097-03E4-4967-A468-F228E16DE399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc82:*:*:*:node.js:*:*",
"matchCriteriaId": "A60A7249-DE56-4246-AB5B-8985E1A9D348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc83:*:*:*:node.js:*:*",
"matchCriteriaId": "B94C26B2-BB7C-4D1F-A3F1-FDB6D41820EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc84:*:*:*:node.js:*:*",
"matchCriteriaId": "56E73854-4DA2-49A5-B294-9E6D220E27A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc85:*:*:*:node.js:*:*",
"matchCriteriaId": "67C502CB-97AA-41BF-97FA-96ADB2E8085C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc86:*:*:*:node.js:*:*",
"matchCriteriaId": "A3183D41-C6BC-40CD-8664-A3E0B4F53B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc87:*:*:*:node.js:*:*",
"matchCriteriaId": "E2C9DFE7-1FE6-4B16-860A-705E93A9CAA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc88:*:*:*:node.js:*:*",
"matchCriteriaId": "4F5F54F5-2DAE-497E-9B6A-1CFCCD2DDA26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc89:*:*:*:node.js:*:*",
"matchCriteriaId": "D0E93F86-5540-4824-A633-1FB7554C7667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc9:*:*:*:node.js:*:*",
"matchCriteriaId": "3EAB3390-7226-48C1-9733-DF10F00ABF23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc90:*:*:*:node.js:*:*",
"matchCriteriaId": "8C54A473-18C8-4FD0-A72F-DFF16FA6C2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc91:*:*:*:node.js:*:*",
"matchCriteriaId": "481855FA-4917-477C-9048-91A2D5AB5C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc92:*:*:*:node.js:*:*",
"matchCriteriaId": "4599AB33-9E40-4160-8E96-2B40BBC30FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc93:*:*:*:node.js:*:*",
"matchCriteriaId": "25F6546A-0910-4834-870A-F7E2F96FC63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc94:*:*:*:node.js:*:*",
"matchCriteriaId": "FE9469F4-4344-4AA1-B94F-14380B8E47CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc95:*:*:*:node.js:*:*",
"matchCriteriaId": "DF391F49-3CB0-4B24-B162-D63E029003B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc96:*:*:*:node.js:*:*",
"matchCriteriaId": "9B8C3A2D-6485-4211-A4E1-C4AEFC96501B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc97:*:*:*:node.js:*:*",
"matchCriteriaId": "20FC540E-0C8E-4CEF-9A82-94637C1381EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc98:*:*:*:node.js:*:*",
"matchCriteriaId": "3E00F86C-5BDD-43C4-BCE5-DAA151C2FF1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:monospace:directus:9.0.0:rc99:*:*:*:node.js:*:*",
"matchCriteriaId": "2EB1F36B-2212-4911-A417-1C4604793F8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the `search` query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the enumeration of unknown field contents. The searchable columns (numbers \u0026 strings) are not checked against permissions when injecting the `where` clauses for applying the search query. This leads to the possibility of enumerating those un-permitted fields. Version 11.5.0 fixes the issue."
},
{
"lang": "es",
"value": "Directus es una API en tiempo real y un panel de control para aplicaciones que gestiona el contenido de bases de datos SQL. A partir de la versi\u00f3n 9.0.0-alpha.4 y anteriores a la 11.5.0, el par\u00e1metro de consulta `search` permite a los usuarios con acceso a una colecci\u00f3n filtrar elementos seg\u00fan los campos que no tienen permiso para ver. Esto permite enumerar el contenido de campos desconocidos. Las columnas de b\u00fasqueda (n\u00fameros y cadenas) no se verifican con los permisos al inyectar las cl\u00e1usulas `where` para aplicar la consulta de b\u00fasqueda. Esto permite enumerar los campos no permitidos. La versi\u00f3n 11.5.0 soluciona este problema."
}
],
"id": "CVE-2025-30352",
"lastModified": "2025-08-26T01:41:50.303",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-03-26T18:15:27.080",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/directus/directus/commit/ac5a9964d9926f20dc063a74cb417dc7bbad676d"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/directus/directus/security/advisories/GHSA-7wq3-jr35-275c"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/directus/directus/security/advisories/GHSA-7wq3-jr35-275c"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.