Goal Reached Thanks to every supporter β€” we hit 100%!

Goal: 1000 CNY Β· Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-24786 β€” AI Deep Analysis Summary

CVSS 10.0 Β· Critical

Q1What is this vulnerability? (Essence + Consequences)

🚨 **Essence**: WhoDB (v0.45.0-) suffers from **Path Traversal**. πŸ“‰ **Consequences**: Unauthenticated attackers can read **any** SQLite3 database on the host.…
Read full answer (login)

Q2Root Cause? (CWE/Flaw)

πŸ›‘οΈ **CWE-35**: Improper Limitation of a Pathname to a Restricted Directory. πŸ› **Flaw**: No validation on database filenames. πŸ“‚ **Result**: Allows accessing arbitrary files outside intended scope.

Q3Who is affected? (Versions/Components)

🏒 **Vendor**: clidey. πŸ“¦ **Product**: WhoDB. πŸ“… **Affected**: Versions **0.45.0 and earlier**. 🌐 **Type**: Open-source data browser.

Q4What can hackers do? (Privileges/Data)

πŸ•΅οΈ **Privileges**: **Unauthenticated** access required. πŸ—„οΈ **Data**: Can open **any** SQLite3 DB on the server. πŸ”“ **Scope**: Host system files exposed. πŸ“‰ **Severity**: High Confidentiality & Integrity impact.

Q5Is exploitation threshold high? (Auth/Config)

⚑ **Threshold**: **LOW**. πŸ”‘ **Auth**: None required (PR:N). 🌐 **Network**: Remote (AV:N). 🎯 **Complexity**: Low (AC:L). πŸ–±οΈ **UI**: None needed (UI:N).

Q6Is there a public Exp? (PoC/Wild Exploitation)

πŸ“œ **PoC**: Yes. πŸ§ͺ **Source**: Nuclei templates available. πŸ”— **Link**: [ProjectDiscovery Nuclei](https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-24786.yaml).…
Read full answer (login)

Q7How to self-check? (Features/Scanning)

πŸ” **Check**: Scan for WhoDB instances. πŸ“€ **Test**: Manipulate database filename input. πŸ“Š **Tool**: Use Nuclei template for detection. 🚩 **Flag**: Look for unauthorized DB access.

Q8Is it fixed officially? (Patch/Mitigation)

πŸ› οΈ **Fix**: Update to version **> 0.45.0**. πŸ“’ **Advisory**: GHSA-9r4c-jwx3-3j76. βœ… **Status**: Patch available via vendor.

Q9What if no patch? (Workaround)

🚧 **Workaround**: Restrict network access to WhoDB. 🚫 **Block**: Prevent unauthenticated access. πŸ”’ **Isolate**: Limit file system permissions for the service.

Q10Is it urgent? (Priority Suggestion)

πŸ”₯ **Priority**: **HIGH**. 🚨 **Urgency**: Critical due to **No Auth** requirement. πŸ“‰ **Risk**: Immediate data breach potential. πŸƒ **Action**: Patch immediately!

Continue exploring

Vulnerability detail Full AI analysis (login) clidey CWE-35