CNNVD-202508-280 Information
CNNVD ID
CNNVD-202508-280
Related CVE
- CNNVD Published: 2025-08-05
Description (Chinese)
Trilium Notes是Zadam个人开发者的一个分层笔记应用程序。专注于构建大型个人知识库。 Trilium Notes 0.97.0之前版本存在安全漏洞,该漏洞源于初始同步种子检索端点存在暴力破解保护绕过,可能导致未经身份验证的攻击者猜测登录密码。
Description (English)
Trilum Notes is an application for Zadam personal developers to take notes. Focus on building a large personal knowledge base. There was a security loophole in the previous version of Trilum Notes 0.97.0, which stemmed from the violent decomposition protection bypassed by the initial synchronous seed retrieval endpoint, which could lead the assailants to speculate about access codes without identification.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-08-05
Last Modified
2026-02-24
References
https://github.com/TriliumNext/Trilium/security/advisories/GHSA-hw5p-ff75-327r https://github.com/TriliumNext/Trilium/pull/6243/commits/04c8f8a1234e8c9f4a87da187180375227b21223 https://github.com/TriliumNext/Trilium/releases/tag/v0.97.0 https://access.redhat.com/security/cve/cve-2025-53544
Patch
https://github.com/TriliumNext/Trilium/releases
Share on: