Platform
go
Component
github.com/clidey/whodb/core
Fixed in
0.45.1
0.0.0-20250127172032-547336ac73c8
CVE-2025-24786 is a path traversal vulnerability, rated critical, in the github.com/clidey/whodb/core component of WhoDB. Because the path to an SQLite3 database file is built from client-controlled input without being confined to the intended directory, an unauthenticated attacker can read arbitrary SQLite3 database files on the host. The vulnerability affects versions of WhoDB before the Go module pseudo-version 0.0.0-20250127172032-547336ac73c8. A patch has been released.
The flaw lies in how the WhoDB core component handles file paths. The database name supplied in a request is joined onto the directory WhoDB is meant to serve from, and `../` segments in that name are not rejected, so the resulting path can point anywhere on the file system that the WhoDB process has read access to. An attacker who crafts such a request can open any SQLite3 database file on the host, not only the ones WhoDB was deployed to expose; what those files contain depends on the deployment, but databases typically hold credentials, configuration or application data, so the realistic outcome is unauthorized data disclosure. The critical CVSS rating reflects the severity of that disclosure (network-reachable, no authentication required); it says nothing about how likely exploitation is, which the EPSS score further down estimates separately.
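The pattern above, shown as an added example rather than WhoDB's own code: a hypothetical `vulnerableDBPath` that joins the client-supplied database name onto a base directory with no containment check, beside a hardened `safeDBPath` that refuses any name which would resolve outside that directory. The base directory `/db` and the database names are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a database name would resolve to a file
// outside the directory the server is meant to serve databases from.
var ErrOutsideBase = errors.New("database name resolves outside the base directory")

// vulnerableDBPath illustrates the bug class (hypothetical, not WhoDB's code):
// the client-controlled name is joined onto the base directory with no
// containment check. filepath.Join cleans the result, so "../../etc/secret.db"
// under "/db" collapses to "/etc/secret.db" and the base directory is escaped.
func vulnerableDBPath(baseDir, name string) string {
	return filepath.Join(baseDir, name)
}

// safeDBPath is the hardened form. filepath.IsLocal (Go 1.20+) rejects
// absolute names, empty names and any name whose ".." segments climb out of
// the current directory. The prefix check on the cleaned result is a second,
// independent guard: it also rejects "." (the base directory itself) and keeps
// the function safe if either input is later changed. Symlinks inside baseDir
// are not covered here; if untrusted users can create them, resolve with
// filepath.EvalSymlinks and repeat the prefix check on the resolved path.
func safeDBPath(baseDir, name string) (string, error) {
	if !filepath.IsLocal(name) {
		return "", ErrOutsideBase
	}
	base := filepath.Clean(baseDir)
	full := filepath.Join(base, name)
	if !strings.HasPrefix(full, base+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return full, nil
}

func main() {
	const baseDir = "/db" // assumed database directory for the example
	names := []string{"app.db", "../../etc/secret.db", "/etc/secret.db", "sub/../app.db", "."}
	for _, name := range names {
		safe, err := safeDBPath(baseDir, name)
		fmt.Printf("%-22q vulnerable=%-20s safe=%-12q err=%v\n",
			name, vulnerableDBPath(baseDir, name), safe, err)
	}
}
```

Note that `filepath.Join` does not protect you: it normalises the path, which is exactly what turns `/db/../../etc/secret.db` into `/etc/secret.db`. The containment check has to be made on the normalised result, and a name that the server should treat as a single file name is best rejected outright if it contains a separator at all.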
CVE-2025-24786 was publicly disclosed on 2025-02-07. There is currently no indication of active exploitation campaigns targeting this vulnerability. Public proof-of-concept (PoC) code is not yet available, but path traversal flaws are usually trivial to exploit once the vulnerable parameter is known, so a PoC is likely to appear; the EPSS score below (49.39%, 98th percentile) already places it among the flaws most likely to see exploitation attempts. The vulnerability has not been added to the CISA KEV catalog as of this writing.
Because no authentication is required, any WhoDB instance reachable from an untrusted network is at risk, and instances without a reverse proxy or WAF in front of them have no compensating control at all. Shared hosts are a particular concern: the flaw exposes every SQLite3 file the WhoDB process can read, so a single instance can be used to read databases belonging to other users or applications on the same machine.
• go / server: Examine application and proxy logs for requests containing path traversal sequences, both literal (../) and URL-encoded (%2e%2e%2f and double-encoded variants). Confirm which module version is deployed with `go version -m <binary>` on the built executable, or `go list -m github.com/clidey/whodb/core` in the build tree; anything older than 0.0.0-20250127172032-547336ac73c8 is affected.
• generic web: Use curl to check whether traversal sequences are rejected. Pass `--path-as-is`, otherwise curl collapses the dot segments before sending the request, for example: curl --path-as-is 'http://your-whodb-server/../../../../etc/passwd'. Note that this probes the HTTP layer's path handling; the flaw in this CVE is in how WhoDB builds the SQLite3 file path, so a meaningful test has to place the traversal sequence in the database-selection request, and the expected result after patching is a rejection rather than an open file.
• linux / server: Monitor the WhoDB process for unexpected file access. `lsof -p <pid>` lists its open files; any .db or SQLite file outside the configured database directory is a red flag.
• database (sqlite): If a database turns out to be reachable, query its schema (`.tables`, `.schema`) to establish which sensitive tables and columns were exposed, so the breach assessment is based on actual contents rather than assumptions.
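A log check for the first bullet, added here as an example and not part of the page or of WhoDB: a naive grep for `../` misses the URL-encoded forms, so this scanner percent-decodes each request target up to twice (to surface double encoding), normalises backslashes, and flags only a full `..` path segment so that a benign name such as `..hidden.db` does not trigger it. The log lines are constructed for the example and the `/api/db/` route is an assumption, not a real WhoDB endpoint.

```go
package main

import (
	"bufio"
	"fmt"
	"net/url"
	"strings"
)

// sampleLog is constructed for this example; the route is hypothetical.
// Line 2 is a plain traversal, line 3 is URL-encoded, line 4 is double-encoded
// and line 5 is a benign file name that merely starts with "..".
const sampleLog = `10.0.0.5 - - [07/Feb/2025:10:01:02 +0000] "GET /api/db/app.db HTTP/1.1" 200 512
10.0.0.9 - - [07/Feb/2025:10:01:07 +0000] "GET /api/db/../../../../var/lib/other/tenant.db HTTP/1.1" 200 8192
10.0.0.9 - - [07/Feb/2025:10:01:09 +0000] "GET /api/db/%2e%2e%2f%2e%2e%2ftenant.db HTTP/1.1" 200 8192
10.0.0.9 - - [07/Feb/2025:10:01:11 +0000] "GET /api/db/%252e%252e%252ftenant.db HTTP/1.1" 404 0
10.0.0.7 - - [07/Feb/2025:10:01:15 +0000] "GET /api/db/..hidden.db HTTP/1.1" 200 100`

// decodeLoose percent-decodes s up to twice, so "%2e%2e%2f" and the
// double-encoded "%252e%252e%252f" both surface as "../". A malformed escape
// stops decoding but keeps the string, since attacker input need not be
// well-formed to be worth flagging.
func decodeLoose(s string) string {
	for i := 0; i < 2; i++ {
		d, err := url.PathUnescape(s)
		if err != nil || d == s {
			break
		}
		s = d
	}
	return s
}

// hasTraversal reports whether a request target contains a ".." segment
// after decoding and separator normalisation. The query string is kept on
// purpose: a traversal in a parameter value is still a traversal.
func hasTraversal(target string) bool {
	p := strings.ReplaceAll(decodeLoose(target), "\\", "/")
	for _, seg := range strings.FieldsFunc(p, func(r rune) bool { return r == '/' || r == '?' || r == '&' || r == '=' }) {
		if seg == ".." {
			return true
		}
	}
	return false
}

// requestTarget returns the request target (second token of the first
// quoted field) from a Common Log Format line, or "" if none is present.
func requestTarget(line string) string {
	start := strings.Index(line, "\"")
	if start < 0 {
		return ""
	}
	rest := line[start+1:]
	end := strings.Index(rest, "\"")
	if end < 0 {
		return ""
	}
	fields := strings.Fields(rest[:end])
	if len(fields) < 2 {
		return ""
	}
	return fields[1]
}

// suspiciousTargets returns the request target of every log line whose
// target contains a traversal segment after decoding.
func suspiciousTargets(logText string) []string {
	var out []string
	sc := bufio.NewScanner(strings.NewReader(logText))
	for sc.Scan() {
		if t := requestTarget(sc.Text()); t != "" && hasTraversal(t) {
			out = append(out, t)
		}
	}
	return out
}

func main() {
	for _, t := range suspiciousTargets(sampleLog) {
		fmt.Println("traversal attempt:", t)
	}
}
```

Two caveats apply to this kind of check. Many reverse proxies normalise dot segments before the request reaches the application and before they log it, so the log you scan must be the one closest to the attacker. And if the database name travels in a request body rather than the URL, an access log never sees it at all; in that case only application-level logging of the resolved path, or the process-level monitoring in the third bullet, will catch the attempt.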
Disclosure
Exploit status
EPSS
49.39% (98th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-24786 is to upgrade the WhoDB core module to 0.0.0-20250127172032-547336ac73c8 or later immediately. If that is not yet feasible, reduce exposure in the meantime: the flaw needs no authentication, so put the instance behind a reverse proxy or VPN that limits who can reach it, and configure a WAF or proxy rule that blocks requests containing path traversal sequences, including the URL-encoded and double-encoded forms (%2e%2e%2f, %252e%252e%252f) and not only a literal ../. Treat such filtering as a stopgap, since encoding tricks that a rule does not anticipate will get through it. Monitor access logs for attempts to reach files outside the intended directory. After upgrading, confirm the fix by sending a request whose database name contains a traversal sequence and verifying that it is rejected.
Update WhoDB to version 0.45.0 or later. This version fixes the path traversal vulnerability that allowed access to arbitrary SQLite3 databases on the system, and with it prevents unauthenticated attackers from exploiting the flaw.
CVE-2025-24786 is a critical vulnerability in WhoDB core: because of improper path handling, an unauthenticated attacker can read arbitrary SQLite3 database files on the host. It affects versions before 0.0.0-20250127172032-547336ac73c8.
You are affected if you are using WhoDB core versions prior to 0.0.0-20250127172032-547336ac73c8. Assess your deployments immediately.
Upgrade WhoDB core to version 0.0.0-20250127172032-547336ac73c8 or later. As a temporary workaround, restrict network access to the instance and add WAF rules that block path traversal sequences, including their URL-encoded forms.
There is currently no confirmed evidence of active exploitation, but the vulnerability's nature makes it likely that exploitation attempts will occur.
Refer to the official WhoDB project repository on GitHub for updates and advisories related to CVE-2025-24786.