Home > Vulnerability Database > CVE-2025-59336

Mend.io Vulnerability Database

CVE-2025-59336

Good to know:

Date: September 16, 2025

Luanox is a module host for Lua packages. Prior to 0.1.1, a file traversal vulnerability can cause potential denial of service by overwriting Phoenix runtime files. Package names like ../../package are not properly filtered and pass the validity check of the rockspec verification system. This causes the uploaded file to be stored at the relative path location. If planned carefully, this could overwrite a runtime file and cause the website to crash. This vulnerability is fixed by 0.1.1.

Severity Score

6.5

Related Resources (5)

Url: https://github.com/lumen-oss/luanox/commit/5198640c9644e2fcef5809f83b9ab0a9b4d0eeb2

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59336

Url: https://github.com/lumen-oss/luanox/commit/2b6237f3baaa1d905c491fca29f8301835721c46

Url: https://github.com/lumen-oss/luanox/security/advisories/GHSA-42c5-x4pj-4p3w

Url: https://www.mend.io/vulnerability-database/CVE-2025-59336

Severity Score

6.5

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Relative Path Traversal

CWE-23

Top Fix

Upgrade Version

Upgrade to version https://github.com/lumen-oss/luanox.git - v0.1.1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59336

Good to know:

Date: September 16, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?