Home > Vulnerability Database > CVE-2025-65952

Mend.io Vulnerability Database

CVE-2025-65952

Good to know:

Date: November 25, 2025

Console is a network used to control Gorilla Tag mods' users and other users on the network. Prior to version 2.8.0, a path traversal vulnerability exists where complicated combinations of backslashes and periods can be used to escape the Gorilla Tag path and write to unwanted directories. This issue has been patched in version 2.8.0.

Severity Score

7.5

Related Resources (5)

Url: https://github.com/iiDk-the-actual/Console/commit/4bcb1cf23ef78f8e6899dd6fe3afa3b24902e458

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-65952

Url: https://github.com/iiDk-the-actual/Console/security/advisories/GHSA-c3f7-xh45-2xc7

Url: https://github.com/iiDk-the-actual/Console/commit/e1005b8754594ad463ae58f8a99decda548b1826

Url: https://www.mend.io/vulnerability-database/CVE-2025-65952

Severity Score

7.5

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

Upgrade Version

Upgrade to version https://github.com/iiDk-the-actual/Console.git - 2.8.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-65952

Good to know:

Date: November 25, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?