CVE 8.7 HIGH

Gin-vue-admin has an arbitrary file deletion vulnerability_CVE-2025-66410

December 2, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.

AI Analysis

Arbitrary file deletion vulnerability in Gin-vue-admin versions 2.8.6 and earlier, allowing attackers to delete any file on the server.

Basic Information

ID CVE-2025-66410

Source GitHub_M

Published Dec 1, 2025 at 22:28

Affected Product

Vendor flipped-aurora

Product gin-vue-admin

Version <= 2.8.6

Affected Versions flipped-aurora gin-vue-admin <= 2.8.6

CWE Classification

CWE-22

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor flipped-aurora

Product gin-vue-admin

Version 2.8.6 and earlier

References

{
    "lastseen": "",
    "description": "Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.",
    "published": "2025-12-01T22:28:59.982Z",
    "modified": "2025-12-01T22:28:59.982Z",
    "type": "cve",
    "title": "Gin-vue-admin has an arbitrary file deletion vulnerability",
    "source": "GitHub_M",
    "references": "https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-jrhg-82w2-vvj7\nhttps://github.com/flipped-aurora/gin-vue-admin/commit/ee8d8d7e04d9c38a35a6969f20e75213e84f57c6",
    "id": "CVE-2025-66410",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "flipped-aurora gin-vue-admin <= 2.8.6",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "gin-vue-admin",
    "version": "<= 2.8.6",
    "vendor": "flipped-aurora",
    "ai_description": "Arbitrary file deletion vulnerability in Gin-vue-admin versions 2.8.6 and earlier, allowing attackers to delete any file on the server.",
    "ai_severity": "High",
    "ai_vendor": "flipped-aurora",
    "ai_product": "gin-vue-admin",
    "ai_version": "2.8.6 and earlier",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply