CNNVD-202509-2690 Information

CNNVD ID

CNNVD-202509-2690

Related CVE

CVE-2025-58431

• CNNVD Published: 2025-09-17

Description (Chinese)

ZimaOS是IceWhaleTech的一个开源的操作系统项目，旨在提供一个轻量级、高性能、安全的操作系统环境。 ZimaOS 1.4.1及之前版本存在安全漏洞，该漏洞源于/v2_1/files/file/download端点允许任意用户以root权限读取本地文件。

Description (English)

ZimaOS is an open-source operating system project of Ice WhaleTech, which aims to provide a lightweight, high-performance, safe operating system environment. ZimaOS 1.4.1 and previous versions contain a security loophole from/v2 1/files/file/download endpoints that allow any user to read local files with root privileges.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

ICP DAS

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-vqrw-9v9m-6g87

Patch

https://github.com/IceWhaleTech/ZimaOS/releases