CVE 8.7 HIGH

Console is vulnerable to path traversal regarding custom assets_CVE-2025-65952

November 25, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted directories. This issue has been patched in version 2.8.0.

AI Analysis

Path traversal vulnerability in Console prior to version 2.8.0, allowing writing to unwanted directories

Basic Information

ID CVE-2025-65952

Source GitHub_M

Published Nov 25, 2025 at 22:54

Affected Product

Vendor iiDk-the-actual

Product Console

Version < 2.8.0

Affected Versions iiDk-the-actual Console < 2.8.0

CWE Classification

CWE-22

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor iiDk-the-actual

Product Console

Version < 2.8.0

References

{
    "lastseen": "",
    "description": "Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted directories. This issue has been patched in version 2.8.0.",
    "published": "2025-11-25T22:54:24.363Z",
    "modified": "2025-11-25T22:54:24.363Z",
    "type": "cve",
    "title": "Console is vulnerable to path traversal regarding custom assets",
    "source": "GitHub_M",
    "references": "https://github.com/iiDk-the-actual/Console/security/advisories/GHSA-c3f7-xh45-2xc7\nhttps://github.com/iiDk-the-actual/Console/commit/4bcb1cf23ef78f8e6899dd6fe3afa3b24902e458\nhttps://github.com/iiDk-the-actual/Console/commit/e1005b8754594ad463ae58f8a99decda548b1826",
    "id": "CVE-2025-65952",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "iiDk-the-actual Console < 2.8.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Console",
    "version": "< 2.8.0",
    "vendor": "iiDk-the-actual",
    "ai_description": "Path traversal vulnerability in Console prior to version 2.8.0, allowing writing to unwanted directories",
    "ai_severity": "High",
    "ai_vendor": "iiDk-the-actual",
    "ai_product": "Console",
    "ai_version": "< 2.8.0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply