GHSA-QVVF-Q994-X79V SiYuan importSY/importZipMd: path traversal via multipart filename enables arbitrary file write

Summary POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outside the temp directory - including system paths that enable RCE. Details...

CVE-2025-67488

SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user to overwrite files on the system. An authenticated user with access to the...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the importZipMd function. authenticated user with access to the import functionality can overwrite arbitrary files on the system by importing a specially crafted ZIP archive containing directory traversal...

GHSA-GQFV-G4V7-M366 SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE

Summary Function importZipMd is vulnerable to ZipSlip which allows an authenticated user to overwrite files on the system. Details An authenticated user with access to the import functionality in notes is able to overwrite any file on the system, the vulnerable function is importZipMd, this can...

PT-2025-50252

Name of the Vulnerable Software and Affected Versions SiYuan versions 0.0.0 through 20251202123337-6ef83b42c7ce Description SiYuan is a self-hosted, open source personal knowledge management software. Versions 0.0.0 through 20251202123337-6ef83b42c7ce contain a flaw in the importZipMd function th...