CVE-2025-48935 Information

Description

Deno is a JavaScript TypeScript and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5 it is possible to bypass Deno’s permission read/write db permission check by using ATTACH DATABASE statement. Version 2.2.5 contains a patch for the issue.

Reference

https://github.com/denoland/deno/commit/31a97803995bd94629528ba841b2418d3ca01860 https://github.com/denoland/deno/security/advisories/GHSA-8vxj-4cph-c596