admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-254xx/CVE-2025-25478.json
cad-safe-bot 4a84132ab1 Auto-Update: 2025-03-05T17:00:20.315796+00:00
2025-03-05 17:03:50 +00:00

64 lines
2.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-25478",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-28T23:15:11.170",
"lastModified": "2025-03-05T16:15:39.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password."
},
{
"lang": "es",
"value": "La funci\u00f3n de carga de archivos de cuenta en Syspass 3.2.x no gestiona correctamente los caracteres especiales en los nombres de archivo. Esta mala gesti\u00f3n provoca la divulgaci\u00f3n del c\u00f3digo fuente de la aplicaci\u00f3n web, lo que deja expuesta informaci\u00f3n confidencial, como la contrase\u00f1a de la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "https://github.com/sysentr0py/CVEs/tree/main/CVE-2025-25478",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/sysentr0py/CVEs/tree/main/CVE-2025-25478",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}
Reference in New Issue View Git Blame Copy Permalink