CVE-2025-49588 Information

Jul 04, 2025 cve

Description

Linkwarden is a self-hosted open-source collaborative bookmark manager to collect organize and archive webpages. In version 2.10.2 the server accepts links of format file:///etc/passwd and doesn’t do any validation before sending them to parsers and playwright this can result in leak of other user’s links (and in some cases it might be possible to leak environment secrets). This issue has been patched in version 2.10.3 which has not been made public at time of publication.

Reference

https://github.com/linkwarden/linkwarden/security/advisories/GHSA-rfc2-x8hr-536q https://github.com/linkwarden/linkwarden/security/advisories/GHSA-rfc2-x8hr-536q

CNNVD-202507-140 (Published: 2025-07-02)

Share on:

CVE-2025-49588 Information

Description

Reference

Related CNNVD