CNNVD-202511-1532 Information
Nov 13, 2025
cve
CNNVD ID
CNNVD-202511-1532
Related CVE
- CNNVD Published: 2025-11-13
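Description (translated from Chinese)
Directus is a real-time API and application dashboard, open-sourced by Directus, for managing SQL database content. Versions of Directus prior to 11.13.0 contain a security vulnerability that stems from allowing authenticated users to search sensitive fields, which may lead to sensitive data enumeration attacks.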
Description (English)
Directus is a real-time API and application dashboard, open-sourced by Directus, for managing SQL database content. Versions prior to Directus 11.13.0 contain a security vulnerability that stems from allowing authenticated users to search sensitive fields, which could lead to sensitive data enumeration attacks.
Hazard Level
High
Vulnerability Type
Other
Published
2025-11-13
Last Modified
2026-02-24
References
https://github.com/directus/directus/security/advisories/GHSA-8jpw-gpr4-8cmh
https://github.com/directus/directus/commit/7737d56e096f95edfbdf861a3c08999ad31ce204
https://access.redhat.com/security/cve/cve-2025-64748
Patch
https://github.com/directus/directus/releases