CNNVD-202508-2414 Information

CNNVD ID

CNNVD-202508-2414

Related CVE

CVE-2025-55746

• CNNVD Published: 2025-08-20

Description (Chinese)

Directus是Directus开源的一个实时 Api 和应用程序仪表板。用于管理 Sql 数据库内容。 Directus 10.8.0至11.9.3之前版本存在安全漏洞，该漏洞源于文件更新机制允许未经验证的参与者修改或上传文件。

Description (English)

Directus is a real-time Api and application dashboard from Directus open source. To manage Sql database content. Directus 10.8.0 to 11.9.3 had a security loophole, which stemmed from the document updating mechanism allowing uncertified participants to modify or upload documents.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

discord.js

Published

2025-08-20

Last Modified

2026-02-24

References

https://github.com/directus/directus/security/advisories/GHSA-mv33-9f6j-pfmc https://github.com/directus/directus/commit/d84dcc36f75fc5c858d43746b8f9c426c38d696b https://nvd.nist.gov/vuln/detail/CVE-2025-55746

Patch

https://github.com/directus/directus/releases