CNNVD-202512-1094 Information

CNNVD ID

CNNVD-202512-1094

Related CVE

CVE-2025-67488

• CNNVD Published: 2025-12-09

Description (Chinese)

SiYuan是SiYuan开源的一个隐私至上的个人知识管理系统。 SiYuan 0.0.0-20251202123337-6ef83b42c7ce及之前版本存在路径遍历漏洞，该漏洞源于ZipSlips漏洞，可能导致任意文件覆盖。

Description (English)

SiYuan is an open-source, private, personal knowledge management system. SiYuan 0.0-202512123337-6ef83b42c7ce and its previous versions had a loophole in the path, which originated in the ZipSlips loophole and could lead to arbitrary document coverage.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

SiYuan

Published

2025-12-09

Last Modified

2026-02-24

References

https://github.com/siyuan-note/siyuan/security/advisories/GHSA-gqfv-g4v7-m366 https://github.com/siyuan-note/siyuan/blob/dae6158860cc704e353454565c96e874278c6f47/kernel/api/import.go#L190 https://access.redhat.com/security/cve/cve-2025-67488

Patch

https://b3log.org/siyuan/download.html