EUVD-2025-2664
Malicious code in bioql PyPI...
The vulnerability in the Atheos cloud integrated development environment (IDE) is an improper limitation of a pathname to a restricted directory. This allows an attacker to execute arbitrary files on the server.
The vulnerability in the Atheos cloud IDE is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary files on the server remotely...
CVE-2025-47788 Missing Path Validation Enables Path Traversal in Controller.php
Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the $target parameter in /controller.php was not properly validated, which could allow an attacker to execute arbitrary files on the server via path traversal. v602 contains a fix for th...
The vulnerability of the cloud integrated development environment (IDE) Atheos lies in the lack of file loading restrictions, which allows attackers to read, modify, or execute any files on the server.
The vulnerability of the cloud integrated development environment IDE Atheos relates to the absence of file loading restrictions. Exploiting this vulnerability allows a malicious actor to remotely read, modify, or execute any files on the server...