Описание
Home Assistant Core before is vulnerable to Directory Traversal
Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-65713
- https://github.com/home-assistant/core/pull/150046
- https://gist.github.com/GenoWang/7359360285e0fe21a7a58d10ff71d032
- https://github.com/home-assistant/core/blob/a4d12694dae82f10e2ca9c524e44a22ab7dacf66/homeassistant/components/downloader/services.py#L32
- https://github.com/home-assistant/core/blob/a4d12694dae82f10e2ca9c524e44a22ab7dacf66/homeassistant/util/__init__.py#L20
- https://github.com/home-assistant/core/blob/a4d12694dae82f10e2ca9c524e44a22ab7dacf66/homeassistant/util/__init__.py#L32-L38
Пакеты
Наименование
homeassistant
pip
Затронутые версииВерсия исправления
< 2025.8.0
2025.8.0
Связанные уязвимости
CVSS3: 4
nvd
около 2 месяцев назад
Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability.