CNNVD-202512-3735 Information

CNNVD ID

CNNVD-202512-3735

Related CVE

CVE-2025-67442

• CNNVD Published: 2025-12-19

Description (Chinese)

EVE-NG是EVE-NG公司的一款无客户端多供应商网络仿真软件。 EVE-NG 6.4.0-13-PRO版本存在安全漏洞，该漏洞源于/api/export接口中目录遍历，可能导致任意文件导出。

Description (English)

EVE-NG is a non-client, multi-supplier network simulation for EVE-NG. There is a security loophole in the EVE-NG 6.4.0-13-PRO version, which originates from the directory running through the /api/export interface and may lead to the export of any file.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

EVE-NG

Published

2025-12-19

Last Modified

2026-02-24

References

https://github.com/XunMInt/cve/blob/main/EVE-NG_20251207.md https://access.redhat.com/security/cve/cve-2025-67442

Patch

https://www.eve-ng.net/index.php/download/