CVE-2025-68462

Опубликовано: 18 дек. 2025

Источник: debian

EPSS Низкий

Описание

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.

Пакет	Статус	Версия исправления	Релиз	Тип
freedombox	fixed	25.17.1		package
freedombox	fixed	25.9.3+deb13u1	trixie	package
freedombox	no-dsa		bookworm	package
freedombox	postponed		bullseye	package

Fixed by: https://salsa.debian.org/freedombox-team/freedombox/-/commit/8ba444990b4af6eec4b6b2b26482b107d7ff1229 (v25.17.1)
https://salsa.debian.org/freedombox-team/freedombox/-/issues/2554 (not public)

EPSS

Процентиль: 3%

0.00016

Низкий

CVE-2025-68462

CVSS3: 3.2

ubuntu

29 дней назад

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.

CVE-2025-68462

CVSS3: 3.2

nvd

29 дней назад

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.

GHSA-gjwv-45pm-f62j

CVSS3: 3.2

github

29 дней назад

Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.

EPSS

Процентиль: 3%

0.00016

Низкий