Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-49466

Date: June 4, 2025

aerc before 93bec0d allows directory traversal in commands/msgview/open.go because of direct path concatenation of the name of an attachment part,

Severity Score

Related Resources (4)

https://git.sr.ht/~rjarry/aerc/commit/93bec0de8ed5ab3d6b1f01026fe2ef20fa154329
https://nvd.nist.gov/vuln/detail/CVE-2025-49466
https://git.sr.ht/~rjarry/aerc/commit/2bbe75fe0bc87ab4c1e16c5a18c6200224391629
https://www.mend.io/vulnerability-database/CVE-2025-49466

Severity Score

Weakness Type (CWE)

Relative Path Traversal

CWE-23

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us