CNNVD-202507-1914 Information
CNNVD ID
CNNVD-202507-1914
Related CVE
-
CNNVD Published: 2025-07-14
Description (Chinese)
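Directus is an open-source real-time API and application dashboard from Directus, used to manage SQL database content. Directus versions from 9.12.0 up to, but not including, 11.9.0 contain an authorization vulnerability. It stems from manually triggered flows not validating permissions, which may lead to unauthorized operations.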
Description (English)
Directus is an open-source real-time API and application dashboard from Directus for managing SQL database content. Directus versions from 9.12.0 up to, but not including, 11.9.0 contain an authorization vulnerability: manually triggered flows do not verify permissions, which could lead to unauthorized operations.
Hazard Level
High
Vulnerability Type
Authorization issue
Affected Vendor
Directus
Published
2025-07-14
Last Modified
2026-02-24
References
https://github.com/directus/directus/commit/22be460c76957708d67fdd52846a9ad1cbb083fb
https://github.com/directus/directus/releases/tag/v11.9.0
https://github.com/directus/directus/security/advisories/GHSA-7cvf-pxgp-42fc
https://nvd.nist.gov/vuln/detail/CVE-2025-53889
https://access.redhat.com/security/cve/cve-2025-53889
Patch
https://github.com/directus/directus/releases