CasaOS

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under /var/lib/casaos/1/, which reveals installed applications and configuration details. Additionally, /v1/sys/debug discloses host operating system, kernel, hardware, and storage information. The endpoints also return distinct error messages, enabling file existence enumeration of arbitrary paths on the underlying host filesystem. This information disclosure can be used for reconnaissance and to facilitate targeted follow-up attacks against services deployed on the host.

Basic Information

ID CVE-2025-34171

Source VulnCheck

Published Jan 3, 2026 at 21:18

Affected Product

Vendor IceWhale Tech

Product CasaOS

Affected Versions IceWhale Tech CasaOS 0

CWE Classification

CWE-862 CWE-497

References

{
    "lastseen": "",
    "description": "CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under /var/lib/casaos/1/, which reveals installed applications and configuration details. Additionally, /v1/sys/debug discloses host operating system, kernel, hardware, and storage information. The endpoints also return distinct error messages, enabling file existence enumeration of arbitrary paths on the underlying host filesystem. This information disclosure can be used for reconnaissance and to facilitate targeted follow-up attacks against services deployed on the host.",
    "published": "2026-01-03T21:18:51.053Z",
    "modified": "2026-01-03T21:18:51.053Z",
    "type": "cve",
    "title": "CasaOS <= 0.4.15 Unauthenticated File and Debug Data Exposure",
    "source": "VulnCheck",
    "references": "https://casaos.zimaspace.com/\nhttps://github.com/IceWhaleTech/CasaOS\nhttps://www.vulncheck.com/advisories/casaos-unauthenticated-file-and-debug-data-exposure",
    "id": "CVE-2025-34171",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862",
        "CWE-497"
    ],
    "cvelist": null,
    "sourceData": "IceWhale Tech CasaOS 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CasaOS",
    "version": "0",
    "vendor": "IceWhale Tech",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

CasaOS <= 0.4.15 Unauthenticated File and Debug Data Exposure_CVE-2025-34171