Lucene search
K

4 matches found

Circl
Circl
added 2025/02/13 5:37 p.m.6 views

CVE-2025-24889

creationtimestamp| type| source ---|---|--- 2025-02-13 17:37:20+00:00| seen| https://infosec.exchange/users/cve/statuses/113997790534218207 2025-02-13 18:18:49+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li3cfi2hv32c 2025-02-13 19:10:04+00:00|...

4.5CVSS5.8AI score0.00195EPSS
Exploits0References5
OSV
OSV
added 2025/02/13 5:34 p.m.3 views

CVE-2025-24889 Path traversal in sd-log Qubes virtual machine

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to versions 0.14.1 and 1.0.1, an attacker who has already gained code execution in a virtual machine on the SecureDrop Workstation could gain...

4.5CVSS7.4AI score0.00195EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/13 5:34 p.m.5 views

CVE-2025-24889 Path traversal in sd-log Qubes virtual machine

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to versions 0.14.1 and 1.0.1, an attacker who has already gained code execution in a virtual machine on the SecureDrop Workstation could gain...

4.5CVSS7.3AI score0.00195EPSS
Exploits0References2
CVE
CVE
added 2025/02/13 5:34 p.m.64 views

CVE-2025-24889

The CVE-2025-24889 issue affects the SecureDrop Client (Workstation) prior to versions 0.14.1 and 1.0.1. A path traversal flaw in the sd-log VM’s log-writing logic allows an attacker who already has code execution on another VM to cause code execution in sd-log by sending a crafted log entry. Thi...

4.5CVSS5AI score0.00195EPSS
Exploits0References2
Rows per page
Query Builder