CNNVD-202506-1722 Information

CNNVD ID

CNNVD-202506-1722

Related CVE

CVE-2025-28384

• CNNVD Published: 2025-06-13

Description (Chinese)

OpenC3 COSMOS是OpenC3开源的一个应用程序。 OpenC3 COSMOS 6.1.0之前版本存在安全漏洞，该漏洞源于/script-api/scripts/端点容易受到目录遍历攻击。

Description (English)

OpenC3 COSMOS is an application of OpenC3 open source. There was a security loophole in the previous version of OpenC3 COSMOS 6.1. This leak originated from the vulnerability of /script-api/scripts/endpoints to a catalogue.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

OpenC3

Published

2025-06-13

Last Modified

2026-02-24

References

https://openc3.com/ https://github.com/OpenC3/cosmos/releases/tag/v6.1.0 https://github.com/OpenC3/cosmos/pull/1828/commits/fc7e11310a7cdf9f1939886e1b29009db4d4b718 https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/ https://access.redhat.com/security/cve/cve-2025-28384

Patch

https://github.com/OpenC3/cosmos/releases