exploitDog

CVE-2025-67124

Опубликовано: 23 янв. 2026

Источник: nvd

CVSS3: 6.8

EPSS Низкий

Описание

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization (when uploads are enabled) can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination directory (e.g., shared writable directory/volume).

Ссылки

EPSS

Процентиль: 3%

0.00017

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-59

Связанные уязвимости

GHSA-mxc8-4jqf-368q

github

15 дней назад

miniserve affected by a TOCTOU and symlink race vulnerability

EPSS

Процентиль: 3%

0.00017

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-59