CNNVD-202511-1534 Information

CNNVD ID

CNNVD-202511-1534

CVE-2025-64749

  • CNNVD Published: 2025-11-13

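Description (translated from Chinese)

Directus is an open-source real-time API and application dashboard from Directus, used to manage SQL database content. Versions of Directus before 11.13.0 contain a security vulnerability caused by differences in REST API error messages, which may lead to unauthorized disclosure of collection information.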

Description (English)

Directus is an open-source real-time API and application dashboard from Directus, used to manage SQL database content. Prior to Directus 11.13.0, there was a security vulnerability stemming from differences in REST API error messages, which could lead to the disclosure of unauthorized information.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Directus

Published

2025-11-13

Last Modified

2026-02-24

References

https://github.com/directus/directus/security/advisories/GHSA-cph6-524f-3hgr
https://github.com/directus/directus/commit/f99c9b89071f9d136cc9b0d0c182f2d24542bc31
https://access.redhat.com/security/cve/cve-2025-64749

Patch

https://github.com/directus/directus/releases
