Platform
go
Component
github.com/clidey/whodb/core
Fixed in
0.45.1
0.0.0-20250127172032-547336ac73c8
CVE-2025-24786 represents a critical Path Traversal vulnerability discovered in the github.com/clidey/whodb/core component of WhoDB. This flaw allows attackers to potentially access sensitive SQLite3 database files, exposing confidential data. The vulnerability impacts versions of WhoDB prior to 0.0.0-20250127172032-547336ac73c8. A patch has been released to address this issue.
The core of this vulnerability lies in the improper handling of file paths within the WhoDB core component. An attacker can craft malicious requests that exploit this flaw to traverse the file system and directly access the SQLite3 database file. This database likely contains sensitive information such as user credentials, configuration details, or other application-specific data. Successful exploitation could lead to unauthorized data disclosure, potentially compromising the entire system. The impact is particularly severe given the CRITICAL CVSS score, indicating a high likelihood of exploitation and significant potential damage.
CVE-2025-24786 was publicly disclosed on 2025-02-07. There is currently no indication of active exploitation campaigns targeting this vulnerability. Public proof-of-concept (POC) code is not yet available, but the ease of exploitation inherent in path traversal vulnerabilities suggests that POCs are likely to emerge. The vulnerability has not been added to the CISA KEV catalog as of this writing.
Exploit Status
EPSS
49.39% (98% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-24786 is to immediately upgrade WhoDB core to version 0.0.0-20250127172032-547336ac73c8 or later. If upgrading is not immediately feasible, consider implementing a temporary workaround by restricting access to the WhoDB core component through a Web Application Firewall (WAF) or proxy. Configure the WAF to block requests containing path traversal sequences (e.g., ../). Monitor access logs for suspicious activity, particularly attempts to access files outside of the intended directory. After upgrading, confirm the fix by attempting a path traversal attack and verifying that access is denied.
Update WhoDB to version 0.45.0 or higher. This version addresses the path traversal vulnerability that allows access to arbitrary SQLite3 databases on the system. The update will prevent unauthenticated attackers from exploiting this vulnerability.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-24786 is a critical vulnerability allowing attackers to read SQLite3 database files in WhoDB core due to improper path handling. It affects versions before 0.0.0-20250127172032-547336ac73c8.
You are affected if you are using WhoDB core versions prior to 0.0.0-20250127172032-547336ac73c8. Assess your deployments immediately.
Upgrade WhoDB core to version 0.0.0-20250127172032-547336ac73c8 or later. As a temporary workaround, implement WAF rules to block path traversal attempts.
There is currently no confirmed evidence of active exploitation, but the vulnerability's nature makes it likely that exploitation attempts will occur.
Refer to the official WhoDB project repository on GitHub for updates and advisories related to CVE-2025-24786.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your go.mod file and we'll tell you instantly if you're affected.