
110 matches found

CVE
added 2025/09/17 5:31 p.m. | 16 views

CVE-2025-58432

ZimaOS (a CasaOS fork for Zima devices and x86-64 with UEFI) contains a local privilege-escalation flaw in the /v2_1/files/file/uploadV2 API. In versions before and including 1.4.1, any user with localhost access can upload files via this endpoint and have them executed with root privileges, enab...

CVSS 7.8 | AI score 6.6 | EPSS 0.00164
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2025/09/17 5:31 p.m. | 6 views

CVE-2025-58432 ZimaOS Privilege Escalation using localhost calls to File API Upload

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

CVSS 6.7 | EPSS 0.00164
Exploits 1 | References 1
Vulnrichment
added 2025/09/17 5:31 p.m. | 4 views

CVE-2025-58432 ZimaOS Privilege Escalation using localhost calls to File API Upload

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

CVSS 6.7 | AI score 6.6 | EPSS 0.00164
Exploits 1 | References 1
OSV
added 2025/09/17 5:31 p.m. | 3 views

CVE-2025-58432 ZimaOS Privilege Escalation using localhost calls to File API Upload

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v21/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT...

CVSS 6.7 | AI score 7 | EPSS 0.00164
Exploits 1 | References 3
CVE
added 2025/09/17 5:25 p.m. | 16 views

CVE-2025-58431

CVE-2025-58431 affects ZimaOS (fork of CasaOS) prior to version 1.4.2. The /v2_1/files/file/download API endpoint allows unauthorized local users with localhost access to read local files, with reads executed as ROOT. Multiple sources (Red Hat, CVE records, CVE lists, and vulnerability databases)...

CVSS 6.2 | AI score 6.4 | EPSS 0.00191
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2025/09/17 5:25 p.m. | 8 views

CVE-2025-58431 ZimaOS reads arbitrary files using localhost calls to File API Download

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v21/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...

CVSS 6.1 | EPSS 0.00191
Exploits 1 | References 1
Vulnrichment
added 2025/09/17 5:25 p.m. | 4 views

CVE-2025-58431 ZimaOS reads arbitrary files using localhost calls to File API Download

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v21/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...

CVSS 6.1 | AI score 6.4 | EPSS 0.00191
Exploits 1 | References 1
OSV
added 2025/09/17 5:25 p.m. | 3 views

CVE-2025-58431 ZimaOS reads arbitrary files using localhost calls to File API Download

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v21/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT...

CVSS 6.1 | AI score 6.8 | EPSS 0.00191
Exploits 1 | References 3
Positive Technologies
added 2025/09/17 12:00 a.m. | 3 views

PT-2025-38241

Name of the Vulnerable Software and Affected Versions: ZimaOS versions prior to 1.4.1 Description: ZimaOS, a fork of CasaOS, is susceptible to a file upload issue. The /v2 1/files/file/uploadV2 API endpoint permits file uploads from any user with localhost access, and these uploads are executed...

CVSS 6.7 | AI score 6.7 | EPSS 0.00164
Exploits 1 | References 3
CNNVD
added 2025/09/17 12:00 a.m. | 2 views

ZimaOS Security Vulnerability

ZimaOS is an open source operating system project from IceWhaleTech designed to provide a lightweight, high-performance, secure operating system environment. A security vulnerability exists in ZimaOS 1.4.1 and earlier versions that originates in the /v21/files/file/uploadV2 endpoint that allows a...

CVSS 7.8 | AI score 6.8 | EPSS 0.00164
Exploits 1 | References 1
CNNVD
added 2025/09/17 12:00 a.m. | 2 views

ZimaOS Security Vulnerability

ZimaOS is an open source operating system project from IceWhaleTech designed to provide a lightweight, high-performance, secure operating system environment. A security vulnerability exists in ZimaOS 1.4.1 and earlier versions that originates in the /v21/files/file/download endpoint that allows...

CVSS 6.2 | AI score 6.4 | EPSS 0.00191
Exploits 1 | References 1
Positive Technologies
added 2025/09/17 12:00 a.m. | 4 views

PT-2025-38236

Name of the Vulnerable Software and Affected Versions: ZimaOS versions prior to 1.4.2 Description: ZimaOS, a fork of CasaOS, is susceptible to a file read issue. The /v2 1/files/file/download API endpoint allows unauthorized file access from any user with localhost access. File reads are executed...

CVSS 6.1 | AI score 6.4 | EPSS 0.00191
Exploits 1 | References 3
RedhatCVE
added 2025/05/23 7:30 a.m. | 7 views

CVE-2024-48932

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions below 1.5.0, the API endpoint http:///v1/users/name allows unauthenticated users to access sensitive information, such as usernames, without any authorization. This vulnerability could be...

CVSS 5.3 | AI score 6.8 | EPSS 0.00504
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 6:15 a.m. | 7 views

CVE-2024-49358

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v1/users/login in ZimaOS returns distinct responses based on whether a username exists or the password is incorrect. This behavior can b...

CVSS 5.3 | AI score 6.8 | EPSS 0.00463
Exploits 1 | References 1
RedhatCVE
added 2025/02/05 5:46 a.m. | 8 views

CVE-2024-49357

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...

CVSS 7.5 | AI score 7.8 | EPSS 0.20599
Exploits 1 | References 1
RedhatCVE
added 2025/02/04 11:34 p.m. | 5 views

CVE-2024-48931

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the ZimaOS API endpoint http:///v3/file?token== is vulnerable to arbitrary file reading due to improper input validation. By manipulating the files parameter,...

CVSS 7.5 | AI score 7.8 | EPSS 0.00702
Exploits 1
NVD
added 2024/10/24 10:15 p.m. | 18 views

CVE-2024-49359

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v21/file in ZimaOS is vulnerable to a directory traversal attack, allowing authenticated users to list the contents of any directory on...

CVSS 7.5 | EPSS 0.00954
Exploits 1 | References 2
NVD
added 2024/10/24 10:15 p.m. | 23 views

CVE-2024-49358

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v1/users/login in ZimaOS returns distinct responses based on whether a username exists or the password is incorrect. This behavior can b...

CVSS 5.3 | EPSS 0.00463
Exploits 1 | References 2
NVD
added 2024/10/24 10:15 p.m. | 22 views

CVE-2024-49357

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as http:///v1/users/image?path=/var/lib/casaos/1/apporder.json and http:///v1/users/image?path=/var/lib/casaos/1/system.json,...

CVSS 7.5 | EPSS 0.20599
Exploits 1 | References 2
Cvelist
added 2024/10/24 9:33 p.m. | 24 views

CVE-2024-49359 ZimaOS vulnerable to Directory Listing via Parameter Manipulation

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v21/file in ZimaOS is vulnerable to a directory traversal attack, allowing authenticated users to list the contents of any directory on...

CVSS 7.5 | EPSS 0.00954
Exploits 1 | References 2