CNNVD-202509-2703 Information
CNNVD ID
CNNVD-202509-2703
Related CVE
- CNNVD Published: 2025-09-17
Description (Chinese)
CISA Thorium是美国网络安全与基础设施安全局(CISA)政府部门的一个高度可扩展的分布式恶意软件分析和数据生成框架。 CISA Thorium 1.1.2之前版本存在安全漏洞,该漏洞源于未充分验证下载文件路径,可能导致远程认证攻击者访问任意文件。
Description (English)
CISA Thorium is a highly scalable, distributed malware analysis and data generation framework for the United States Cyber Security and Infrastructure Security Agency (CISA) government departments. There was a security loophole in the previous version of CISA Thorium 1.1.2, which stemmed from insufficient validation of the downloading path, which could result in remote authentication of the assailants ’ access to any document.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Cisofy
Published
2025-09-17
Last Modified
2026-02-24
References
https://github.com/cisagov/thorium/blob/main/api/src/utils/bounder.rs#L120-L158 https://github.com/cisagov/thorium/releases/tag/1.1.2 https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json https://www.cve.org/CVERecord?id=CVE-2025-35430
Patch
https://github.com/cisagov/thorium/releases
Share on: