CVE-2025-24889 Path traversal in sd-log Qubes virtual machine

The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to versions 0.14.1 and 1.0.1, an attacker who has already gained code execution in a virtual machine on the SecureDrop Workstation could gain...

PT-2025-7042 · Unknown +1 · Securedrop Client +2

Name of the Vulnerable Software and Affected Versions: SecureDrop Client versions prior to 0.14.1 and 1.0.1 Description: The issue allows an attacker who has already gained code execution in a virtual machine on the SecureDrop Workstation to gain code execution in the sd-log virtual machine by...

SecureDrop 路径遍历漏洞

SecureDrop is an open source whistleblower submission system from the Freedom of the Press Foundation. It can be used by media organizations to securely accept documents from and communicate with anonymous sources. A path traversal vulnerability existed prior to SecureDrop version 0.14.1, which...