CNNVD-202511-1540 Information

Nov 13, 2025 cve

CNNVD ID

CNNVD-202511-1540

CVE-2025-64746

CNNVD Published: 2025-11-13

Description (Chinese)

Directus是Directus开源的一个实时 Api 和应用程序仪表板。用于管理 Sql 数据库内容。 Directus 11.13.0之前版本存在安全漏洞，该漏洞源于删除字段时未正确清理字段级权限，可能导致意外数据访问。

Description (English)

Directus is a real-time Api and application dashboard from Directus open source. To manage Sql database content. Directus 11.13.0 has a security loophole, which arises from the fact that field-level privileges are not properly cleared when deleting fields and may result in unexpected data access.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Directus

Published

2025-11-13

Last Modified

2026-02-24

References

https://github.com/directus/directus/security/advisories/GHSA-9x5g-62gj-wqf2 https://github.com/directus/directus/commit/84d7636969083387164ce5d2fd15a65e11e2d0b8 https://access.redhat.com/security/cve/cve-2025-64746

Patch

https://github.com/directus/directus/releases

Share on: