Runtipi CVE-2025-47277 Unauthenticated Arbitrary File Read via Symlink

Vulnerability Overview Vulnerability Name: Unauthenticated arbitrary file read through app-store logo symlinks CVE ID: CVE-2025-47277 Severity: Medium (6.5 / 10) CVSS v3 Base Metrics: Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None Description: Runtipi serves marketplace application icons via unauthenticated endpoints from files within a cloned application store repository. The path guard only checks the local path prior to Node reading the file. Consequently, if a Git-hosted application store contains as a symbolic link, Runtipi may read and return the symbolic link's target. If the endpoint is publicly accessible and the symbolic link target points to a location outside the cloned repository, this can expose local files within the Runtipi container, such as , , , or application files. Details: The public route is not protected by and forwards the requested URN to the marketplace image loader. The store file manager prioritizes provided by the repository by default. The file system guard only resolves string paths and validates whether the symbolic link path name falls within an allowed root directory. Because the guard does not compare the final resolved real path, even if a file is symlinked to or other readable files outside the repository, it will still pass the allowed root check. Scope of Impact Affected Versions: 4.9.1, 4.9.2, 4.9.3 Fixed Versions: >= 4.10.0 Potential Impact: An attacker can leverage a malicious application store repository to expose files readable by the Runtipi process, such as , derived keys/secrets, , under , and other hosted Runtipi data. This may lead to the leakage of JWT keys, service credentials, local configurations, and operational logs on the instance. Remediation 1. Resolve and Verify Real Paths: Use to resolve the final path and verify it is within the allowed root directory before performing file read/write operations. - Reject paths whose real path lies outside the expected directory. - Handle missing files carefully: verify the real parent directory before writing. 2. Rejection of Symbolic Links for Marketplace Icons: Reject symbolic links before serving them. - Optionally: Require files to be located within a specific application directory, rather than just a broad root directory like . 3. Copy/Normalize Application Store Assets: Copy/normalize application store assets in a controlled cache, rejecting symbolic links and enforcing file size limits before exposing them for service. 4. Add Regression Tests: - as a symbolic link pointing to should not be served. - Symbolic links to files within but outside the application directory should not be served. - Standard files within the application directory should still be served. POC Code Observation Output: Cleanup: The POC deletes its temporary directory via .

Goal Reached Thanks to every supporter — we hit 100%!

Runtipi CVE-2025-47277 Unauthenticated Arbitrary File Read via Symlink

More from this source