Home > Vulnerability Database > CVE-2025-65109

Mend.io Vulnerability Database

CVE-2025-65109

Good to know:

Date: November 21, 2025

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to. This issue has been patched in Minder Helm version 0.20250203.3849+ref.fdc94f0 and Minder Go version 0.0.84.

Severity Score

9.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-65109

Url: https://github.com/mindersec/minder/security/advisories/GHSA-6xvf-4vh9-mw47

Url: https://github.com/mindersec/minder/commit/f770400923984649a287d7215410ef108e845af8

Url: https://github.com/mindersec/minder

Url: https://www.mend.io/vulnerability-database/CVE-2025-65109

Severity Score

9.1

Weakness Type (CWE)

Inclusion of Web Functionality from an Untrusted Source

CWE-830

Top Fix

Upgrade Version

Upgrade to version github.com/mindersec/minder - v0.0.84

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-65109

Good to know:

Date: November 21, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?