Home > Vulnerability Database > CVE-2025-50184

Mend.io Vulnerability Database

CVE-2025-50184

Good to know:

Date: July 25, 2025

DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be manipulated to access arbitrary files on the system. By supplying a crafted path to the file parameter, an attacker can read files outside the upload directory, potentially exposing sensitive system-level data. This is fixed in version 6.4.3-beta.8.

Severity Score

7.7

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-50184

Url: https://github.com/dbgate/dbgate/commit/18b11df672b5a887bc17a6b9fdd13f9742c8f98e

Url: https://github.com/dbgate/dbgate/security/advisories/GHSA-2fp9-29gv-p5gm

Url: https://www.mend.io/vulnerability-database/CVE-2025-50184

Severity Score

7.7

Weakness Type (CWE)

Path Traversal: '..filename'

CWE-29

Top Fix

Upgrade Version

Upgrade to version dbgate-api - 6.5.0;https://github.com/dbgate/dbgate.git - v6.4.3-beta.8

Learn More

CVSS v3.1

Base Score:	7.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-50184

Good to know:

Date: July 25, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?