CVE-2025-58432
- EPSS 0.01%
- Published 17.09.2025 17:31:20
- Last modified 22.09.2025 14:24:42
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v2_1/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads ...
CVE-2025-58431
- EPSS 0.02%
- Published 17.09.2025 17:25:08
- Last modified 22.09.2025 14:21:36
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v2_1/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed A...
CVE-2024-49358
- EPSS 0.05%
- Published 24.10.2024 22:15:04
- Last modified 22.09.2025 14:21:56
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Server-IP>/v1/users/login` in ZimaOS returns distinct responses based on whether a usern...
CVE-2024-49359
- EPSS 0.94%
- Published 24.10.2024 22:15:04
- Last modified 22.09.2025 14:21:53
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Zima_Server_IP:PORT>/v2_1/file` in ZimaOS is vulnerable to a directory traversal attack,...
CVE-2024-49357
- EPSS 0.07%
- Published 24.10.2024 22:15:03
- Last modified 22.09.2025 14:21:51
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as `http://<Server-IP>/v1/users/image?path=/var/lib/casaos/1/app_order.json` and...