CVE-2025-23212

Exploit

EPSS 0.48%
Veröffentlicht 28.01.2025 16:15:41
Zuletzt bearbeitet 08.05.2025 18:45:54
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tandoor ≫ Recipes Version < 1.5.28

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.48%	0.376

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/TandoorRecipes/recipes/commit/36e83a9d0108ac56b9538b45ead57efc8b97c5ff

Patch

https://github.com/TandoorRecipes/recipes/security/advisories/GHSA-jrgj-35jx-2qq7

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-23212

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-23212

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-23212

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-23212