CVE-2025-24888 Path traversal in SecureDrop Client API.download_reply()
The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to version 0.14.1, a malicious SecureDrop Server could obtain code execution on the SecureDrop Client virtual machine sd-app. SecureDrop Server...
PT-2025-7041 · Unknown · Securedrop Client
Name of the Vulnerable Software and Affected Versions: SecureDrop Client versions prior to 0.14.1
Description: The issue lies in the code responsible for downloading replies in the SecureDrop Client. A malicious SecureDrop Server could obtain code execution on the SecureDrop Client virtual machin...
PT-2025-7042 · Unknown +1 · Securedrop Client +2
Name of the Vulnerable Software and Affected Versions: SecureDrop Client versions prior to 0.14.1 and 1.0.1
Description: The issue allows an attacker who has already gained code execution in a virtual machine on the SecureDrop Workstation to gain code execution in the sd-log virtual machine by...