CVE-2025-30352

EPSS 0.1%
Veröffentlicht 26.03.2025 17:18:39
Zuletzt bearbeitet 26.08.2025 01:41:50
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the `search` query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the enumeration of unknown field contents. The searchable columns (numbers & strings) are not checked against permissions when injecting the `where` clauses for applying the search query. This leads to the possibility of enumerating those un-permitted fields. Version 11.5.0 fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Monospace ≫ Directus SwPlatformnode.js Version >= 9.0.1 < 11.5.0

Monospace ≫ Directus Version9.0.0 Updatealpha10 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha11 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha12 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha13 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha14 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha15 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha16 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha17 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha18 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha19 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha20 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha21 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha22 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha23 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha24 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha25 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha26 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha27 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha31 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha32 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha33 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha34 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha35 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha36 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha37 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha38 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha39 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha4 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha40 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha41 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha42 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha5 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha6 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha7 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha8 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatealpha9 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta0 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta1 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta10 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta11 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta12 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta13 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta14 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta2 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta3 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta4 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta5 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta7 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta8 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updatebeta9 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc0 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc1 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc10 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc100 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc101 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc11 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc12 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc13 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc14 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc15 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc17 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc18 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc19 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc2 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc20 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc21 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc22 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc23 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc24 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc25 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc26 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc27 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc28 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc29 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc3 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc30 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc31 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc32 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc33 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc34 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc35 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc36 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc37 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc38 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc39 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc4 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc40 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc41 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc42 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc43 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc44 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc45 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc46 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc47 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc48 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc49 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc5 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc50 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc51 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc52 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc53 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc54 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc55 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc56 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc57 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc58 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc59 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc6 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc60 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc61 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc62 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc63 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc64 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc65 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc66 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc67 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc68 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc69 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc7 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc70 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc71 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc72 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc73 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc74 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc75 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc76 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc77 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc78 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc79 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc8 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc80 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc81 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc82 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc83 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc84 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc85 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc86 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc87 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc88 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc89 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc9 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc90 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc91 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc92 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc93 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc94 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc95 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc96 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc97 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc98 SwPlatformnode.js

Monospace ≫ Directus Version9.0.0 Updaterc99 SwPlatformnode.js

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.288

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/directus/directus/security/advisories/GHSA-7wq3-jr35-275c

Third Party Advisory

https://github.com/directus/directus/commit/ac5a9964d9926f20dc063a74cb417dc7bbad676d

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-30352

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-30352

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-30352

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-30352