CNNVD-202506-1725 Information
CNNVD ID
CNNVD-202506-1725
Related CVE
- CNNVD Published: 2025-06-13
Description (Chinese)
OpenC3 COSMOS是OpenC3开源的一个应用程序。 OpenC3 COSMOS 6.1.0之前版本存在安全漏洞,该漏洞源于openc3-api/tables端点存在目录遍历问题,可能导致执行任意代码。
Description (English)
OpenC3 COSMOS is an application of OpenC3 open source. There was a security loophole in the previous version of OpenC3 COSMOS 6.1. This loophole originated in a directory-to-house problem at the openc3-api/tables endpoint, which could lead to the implementation of any code.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
OpenC3
Published
2025-06-13
Last Modified
2026-02-24
References
https://openc3.com/ https://github.com/OpenC3/cosmos/releases/tag/v6.1.0 https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/ https://github.com/OpenC3/cosmos/pull/1828 https://github.com/OpenC3/cosmos/commit/fc7e11310a7cdf9f1939886e1b29009db4d4b718 https://access.redhat.com/security/cve/cve-2025-28382
Patch
https://github.com/OpenC3/cosmos/releases
Share on: