Home > Vulnerability Database > CVE-2025-57802

Mend.io Vulnerability Database

CVE-2025-57802

Good to know:

Date: August 25, 2025

Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data). Because the container bind-mounts an arbitrary host path, these symlinks can point to sensitive locations on the host filesystem. When the application or other processes follow these symlinks, the attacker can gain unauthorized read access to host files outside the container. This issue has been patched in version 1.0.1.

Severity Score

8.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-57802

Url: https://github.com/airlinklabs/daemon/security/advisories/GHSA-hrfv-wm8p-mg8m

Url: https://github.com/airlinklabs/daemon/commit/5e6222dd9eec6d7cb0876b12507e3d6011797693

Url: https://www.mend.io/vulnerability-database/CVE-2025-57802

Severity Score

8.8

Weakness Type (CWE)

UNIX Symbolic Link (Symlink) Following

CWE-61

Top Fix

Upgrade Version

Upgrade to version https://github.com/airlinklabs/daemon.git - no_fix

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-57802

Good to know:

Date: August 25, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?