CVE-2025-30353 Information
Mar 27, 2025
cve
Description
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user accountability information, and operational data. This issue poses a significant security risk, as any unintended exposure of this data could lead to potential misuse. Version 11.5.0 fixes the issue.
Reference
https://github.com/directus/directus/security/advisories/GHSA-fm3h-p9wm-h74h