CNNVD-202510-1066 Information

CNNVD ID

CNNVD-202510-1066

Related CVE

CVE-2025-50505

• CNNVD Published: 2025-10-07

Description (Chinese)

Clash Verge Rev是Clash Verge Rev开源的一个代理工具。 Clash Verge Rev 2.2.3及之前版本存在安全漏洞，该漏洞源于默认安装系统服务并通过未授权HTTP API暴露关键功能，可能导致本地权限提升。

Description (English)

Clash Verge Rev is an proxy tool for Clash Verge Rev. Clash Verge Rev 2.2.3 and previous versions have a security loophole, which stems from default installation system services and the exposure of critical functions through unauthorized HTTP API, which may lead to an increase in local privileges.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Clash Verge Rev

Published

2025-10-07

Last Modified

2026-02-24

References

https://github.com/clash-verge-rev/clash-verge-service https://github.com/bron1e/CVE-2025-50505 https://github.com/cisagov/vulnrichment/issues/206 https://github.com/clash-verge-rev/clash-verge-rev https://www.clashverge.dev/ https://access.redhat.com/security/cve/cve-2025-50505

Patch

https://www.clashverge.dev/