Home > Vulnerability Database > CVE-2025-21609

Mend.io Vulnerability Database

CVE-2025-21609

Date: January 3, 2025

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the "POST /api/history/getDocHistoryContent" endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. Commit d9887aeec1b27073bec66299a9a4181dc42969f3 fixes this vulnerability and is expected to be available in version 3.1.19.

Severity Score

9.1

Related Resources (5)

Url: https://github.com/siyuan-note/siyuan/commit/d9887aeec1b27073bec66299a9a4181dc42969f3

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-21609

Url: https://github.com/siyuan-note/siyuan

Url: https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8fx8-pffw-w498

Url: https://www.mend.io/vulnerability-database/CVE-2025-21609

Severity Score

9.1

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

Incomplete Cleanup

CWE-459

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-21609

Date: January 3, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?