Platform: go
Component: github.com/clidey/whodb/core
Fixed in: 0.45.1; Go module pseudo-version 0.0.0-20250127172032-547336ac73c8
CVE-2025-24786 is a path traversal vulnerability, rated critical, in the github.com/clidey/whodb/core component of WhoDB. Because user-supplied file paths are not confined to the intended directory, an attacker can point WhoDB's SQLite3 support at arbitrary SQLite3 database files on the host, not only the databases the instance is meant to expose. The vulnerability affects versions of the module before 0.0.0-20250127172032-547336ac73c8; a patch has been released.
The root cause is how the core component turns a user-supplied database name into a filesystem path. A name containing traversal sequences such as ../ is resolved relative to the configured directory without a containment check, so a crafted request opens any SQLite3 file the WhoDB process can read. What is exposed depends on what else lives on that host, but SQLite files commonly hold credentials, configuration and application records, so the practical outcome is unauthorized disclosure of every readable database, including those belonging to other applications. The page records a CRITICAL severity but no CVSS vector; note that a CVSS severity rating measures impact under the scoring model, while the likelihood of exploitation is what the EPSS figure below estimates.
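The following Go program is an added illustration of the bug class described above, not code from WhoDB or from the CVE fix. The baseDir value and the function names are assumptions for the example. It contrasts three ways of resolving a user-supplied database name against a data directory: joining without any check (the vulnerable pattern), checking only that the resulting string starts with the base directory (a common incomplete fix that a sibling directory such as /var/whodb/db2 slips past), and recomputing the path relative to the base and rejecting anything that begins with a ".." segment.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a requested database name would resolve to
// a file outside the configured directory.
var ErrOutsideBase = errors.New("database path escapes the allowed directory")

// vulnerableResolve shows the class of bug behind a traversal finding: the
// user-supplied name is joined onto the base directory and used as-is.
// filepath.Join cleans "..", so "../../../etc/passwd" resolves to /etc/passwd.
func vulnerableResolve(baseDir, userPath string) string {
	return filepath.Join(baseDir, userPath)
}

// naivePrefixResolve is a common but insufficient fix: it checks that the joined
// path starts with baseDir as a string. A sibling directory whose name shares
// that prefix ("/var/whodb/db2" when baseDir is "/var/whodb/db") passes the check.
func naivePrefixResolve(baseDir, userPath string) (string, error) {
	base := filepath.Clean(baseDir)
	full := filepath.Join(base, userPath)
	if !strings.HasPrefix(full, base) {
		return "", ErrOutsideBase
	}
	return full, nil
}

// hardenedResolve confines the result to baseDir: it refuses absolute names,
// joins and cleans the path, then recomputes it relative to the base and
// rejects the base itself, ".." and anything starting with a ".." segment.
func hardenedResolve(baseDir, userPath string) (string, error) {
	if filepath.IsAbs(userPath) {
		return "", ErrOutsideBase
	}
	base := filepath.Clean(baseDir)
	full := filepath.Join(base, userPath)
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", ErrOutsideBase
	}
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return full, nil
}

// pick renders a (path, error) pair for the demonstration table.
func pick(p string, err error) string {
	if err != nil {
		return "REJECTED"
	}
	return p
}

func main() {
	// baseDir is an assumed data directory for the example, not a WhoDB setting.
	const baseDir = "/var/whodb/db"
	inputs := []string{"app.db", "sub/../app.db", "../db2/x.db", "../../../etc/passwd", "/etc/passwd"}
	for _, in := range inputs {
		v := vulnerableResolve(baseDir, in)
		n, nerr := naivePrefixResolve(baseDir, in)
		h, herr := hardenedResolve(baseDir, in)
		fmt.Printf("%-22s vulnerable=%-26s naive=%-26s hardened=%s\n", in, v, pick(n, nerr), pick(h, herr))
	}
}
```

On Go 1.20 and later, filepath.IsLocal performs an equivalent "does this name stay inside the directory" test and can replace the manual Rel-based check; the version above is written out so the rejected cases are visible. The check must also be applied before any symlink resolution is trusted, since a symlink inside the data directory can still point outside it.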
CVE-2025-24786 was publicly disclosed on 2025-02-07. No active exploitation campaigns have been reported and no public proof-of-concept code is known, but path traversal bugs are trivial to reproduce once the vulnerable parameter is identified, so a PoC is likely to appear. The vulnerability has not been added to the CISA KEV catalog as of this writing.
Deployments that expose WhoDB to untrusted users, in particular those reachable without authentication and without a WAF or reverse proxy filtering requests, are most at risk. Multi-tenant hosts deserve special attention: the traversal runs with the privileges of the WhoDB process, so every SQLite3 file that process can read, including databases belonging to other tenants or applications on the same machine, is within reach.
• go / server: Check which module version your build uses with `go list -m github.com/clidey/whodb/core`, and run `govulncheck ./...` to have the Go vulnerability database matched against the module versions your code actually reaches. In application and reverse-proxy logs, look for traversal sequences in the database name passed to the SQLite3 backend, including ../, ..\ and their percent-encoded forms (%2e%2e%2f, %2e%2e/, and double-encoded %252e%252e%252f), not only the literal ../.
• generic web: Probing with curl or wget is possible, with two caveats. First, curl collapses ../ segments in the URL path unless you pass --path-as-is, so a probe such as `curl --path-as-is 'http://your-whodb-server/../../../../etc/passwd'` tests the web server's path handling, not this flaw. Second, the traversal here is in the database name handed to the SQLite3 backend, so the meaningful test is to supply a name containing ../ through the application's normal connection flow and check whether a file outside the configured directory is opened.
• linux / server: List the files the WhoDB process has open with `lsof -p <whodb pid>`; any .db or .sqlite file outside its configured data directory is suspect. An auditd file watch (`auditctl -w <directory> -p r -k whodb`) on directories that the process should never read gives a persistent record of access attempts.
• database (sqlite): If you suspect a database was reached, enumerate what it holds with `sqlite3 <file> .tables` and `.schema` to identify sensitive tables and columns and scope the disclosure.
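The detection logic in the first two bullets, as an added example that is not part of the advisory or of WhoDB: a small Go scanner that normalises percent-encoding (including double encoding) and backslashes before matching, so that encoded traversal sequences are caught, then counts hits per client address. The log lines are constructed for the example, and the /api/query endpoint and db= field are assumptions about request layout, not WhoDB's actual log format. The same normalise-then-match order is what a WAF rule needs; a rule that blocks only the literal string ../ misses the encoded variants.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// sampleLogs are constructed access-log lines for this example. The endpoint
// and the db= field are assumptions, not WhoDB's real log format.
var sampleLogs = []string{
	`10.0.0.5 - - [07/Feb/2025:10:01:02 +0000] "POST /api/query HTTP/1.1" 200 512 "db=app.db"`,
	`10.0.0.9 - - [07/Feb/2025:10:01:05 +0000] "POST /api/query HTTP/1.1" 200 512 "db=../../../../home/user/secrets.db"`,
	`10.0.0.9 - - [07/Feb/2025:10:01:09 +0000] "POST /api/query HTTP/1.1" 200 512 "db=..%2f..%2fetc%2fshadow.db"`,
	`10.0.0.9 - - [07/Feb/2025:10:01:12 +0000] "POST /api/query HTTP/1.1" 200 512 "db=%252e%252e%252f%252e%252e%252fsecret.db"`,
	`10.0.0.7 - - [07/Feb/2025:10:02:00 +0000] "GET /healthz HTTP/1.1" 200 2 "-"`,
}

// traversalRe matches a dot-dot segment followed by a separator; it is applied
// only after normalise has reduced encodings and backslashes to plain "../".
var traversalRe = regexp.MustCompile(`\.\./`)

// normalise percent-decodes up to three times, so that %2e%2e%2f and the
// double-encoded %252e%252e%252f both become "../", then folds backslashes
// to "/". Decoding stops early on a malformed escape or when nothing changes.
func normalise(s string) string {
	for i := 0; i < 3; i++ {
		d, err := url.PathUnescape(s)
		if err != nil || d == s {
			break
		}
		s = d
	}
	return strings.ReplaceAll(s, `\`, "/")
}

// hasTraversal reports whether a log line carries a traversal sequence in any
// of the encodings normalise understands.
func hasTraversal(line string) bool {
	return traversalRe.MatchString(normalise(line))
}

// suspiciousClients counts traversal attempts per source address, taken as
// the first whitespace-delimited field of each line.
func suspiciousClients(lines []string) map[string]int {
	counts := make(map[string]int)
	for _, l := range lines {
		if !hasTraversal(l) {
			continue
		}
		ip := strings.SplitN(l, " ", 2)[0]
		counts[ip]++
	}
	return counts
}

func main() {
	for ip, n := range suspiciousClients(sampleLogs) {
		fmt.Printf("%s: %d traversal attempt(s)\n", ip, n)
	}
}
```

Decoding the whole line is deliberately coarse: it over-matches on rare legitimate names containing "../" but never under-matches an encoded probe, which is the right trade-off for a triage filter.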
EPSS: 49.39% (98th percentile)
The primary mitigation for CVE-2025-24786 is to upgrade the WhoDB core module to 0.0.0-20250127172032-547336ac73c8 or later. If upgrading is not immediately feasible, restrict who can reach the WhoDB instance (network controls or authentication in front of it) and, as a stopgap, configure a Web Application Firewall or reverse proxy to block requests whose database name contains traversal sequences. Such rules must operate on the decoded value: a filter that matches only the literal ../ is bypassed with ..%2f, %2e%2e/ or a double-encoded %252e%252e%252f, and a filter is never a substitute for the fix. Monitor access logs for attempts to reach files outside the intended directory. After upgrading, confirm the fix by supplying a database name containing ../ through the normal connection flow and verifying that the request is rejected rather than opening a file outside the configured directory.
Update WhoDB to version 0.45.0 or later. This release fixes the path traversal vulnerability that allows access to arbitrary SQLite3 databases on the system, and it prevents unauthenticated attackers from exploiting the flaw. The "Fixed in" field above lists 0.45.1; whichever release you deploy, verify that the core module resolves to 0.0.0-20250127172032-547336ac73c8 or later.
CVE-2025-24786 is a critical vulnerability in WhoDB core that lets attackers read arbitrary SQLite3 database files on the host because user-supplied database paths are not confined to the intended directory. It affects versions before 0.0.0-20250127172032-547336ac73c8.
You are affected if you are using WhoDB core versions prior to 0.0.0-20250127172032-547336ac73c8. Assess your deployments immediately.
Upgrade WhoDB core to version 0.0.0-20250127172032-547336ac73c8 or later. As a temporary workaround, use WAF rules that block traversal sequences in the decoded database name (literal and percent-encoded forms), and limit who can reach the instance.
There is currently no confirmed evidence of active exploitation, but the vulnerability's nature makes it likely that exploitation attempts will occur.
Refer to the official WhoDB project repository on GitHub for updates and advisories related to CVE-2025-24786.