cvelistv5 - cve-2025-48938

CVE-2025-48938 (GCVE-0-2025-48938)

Vulnerability from cvelistv5

Published

2025-05-30 18:45

Modified

2025-05-30 20:38

Severity ?

2.6 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U

CWE

CWE-501 - Trust Boundary Violation

Summary

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. In `2.12.1`, `Browser.Browse()` has been enhanced to allow and disallow a variety of scenarios to avoid opening or executing files on the filesystem without unduly impacting HTTP URLs. No known workarounds are available other than upgrading.

References

►

URL

	Vendor	Product	Version
	cli	go-gh	Version: < 2.12.1

fkie_cve-2025-48938

Vulnerability from fkie_nvd

Published

2025-05-30 19:15

Modified

2025-06-02 17:32

Severity ?

2.6 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U

Summary

References

▶	URL	Tags
	security-advisories@github.com	https://github.com/cli/go-gh/blob/61bf393cf4aeea6d00a6251390f5f67f5b67e727/pkg/browser/browser.go
	security-advisories@github.com	https://github.com/cli/go-gh/commit/a08820a13f257d6c5b4cb86d37db559ec6d14577
	security-advisories@github.com	https://github.com/cli/go-gh/security/advisories/GHSA-g9f5-x53j-h563

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user\u0027s machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. In `2.12.1`, `Browser.Browse()` has been enhanced to allow and disallow a variety of scenarios to avoid opening or executing files on the filesystem without unduly impacting HTTP URLs. No known workarounds are available other than upgrading."
    },
    {
      "lang": "es",
      "value": "go-gh es una colecci\u00f3n de m\u00f3dulos de Go que facilita la creaci\u00f3n de extensiones de la CLI de GitHub. Se identific\u00f3 una vulnerabilidad de seguridad en versiones anteriores a la 2.12.1, donde un servidor de GitHub Enterprise controlado por un atacante pod\u00eda ejecutar comandos arbitrarios en el equipo de un usuario al reemplazar las URL HTTP proporcionadas por GitHub con rutas de archivos locales para la navegaci\u00f3n. En la versi\u00f3n 2.12.1, se mejor\u00f3 `Browser.Browse()` para permitir y deshabilitar diversos escenarios y evitar la apertura o ejecuci\u00f3n de archivos en el sistema de archivos sin afectar negativamente a las URL HTTP. No se conocen workarounds aparte de la actualizaci\u00f3n."
    }
  ],
  "id": "CVE-2025-48938",
  "lastModified": "2025-06-02T17:32:17.397",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 2.6,
          "baseSeverity": "LOW",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "UNREPORTED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "HIGH",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-30T19:15:29.980",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/cli/go-gh/blob/61bf393cf4aeea6d00a6251390f5f67f5b67e727/pkg/browser/browser.go"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/cli/go-gh/commit/a08820a13f257d6c5b4cb86d37db559ec6d14577"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/cli/go-gh/security/advisories/GHSA-g9f5-x53j-h563"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-501"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

opensuse-su-2025:15225-1

Vulnerability from csaf_opensuse

Published

2025-07-03 00:00

Modified

2025-07-03 00:00

Summary

govulncheck-vulndb-0.0.20250612T141001-1.1 on GA media

Notes

Title of the patch

govulncheck-vulndb-0.0.20250612T141001-1.1 on GA media

Description of the patch

These are all security issues fixed in the govulncheck-vulndb-0.0.20250612T141001-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15225

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "govulncheck-vulndb-0.0.20250612T141001-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250612T141001-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15225",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15225-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-36846 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-36846/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-31022 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-31022/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-42818 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-42818/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-0913 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-0913/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-1792 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-1792/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-22874 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-22874/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-25207 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-25207/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-25208 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-25208/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-2571 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-2571/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-29785 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-29785/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-3230 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-3230/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-3260 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-3260/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-3454 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-3454/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-3611 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-3611/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-3913 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-3913/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-4128 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-4128/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-4573 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-4573/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-4673 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-4673/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-47950 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-47950/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48494 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48494/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48495 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48495/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48710 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48710/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48865 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48865/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48938 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48938/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48948 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48948/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-48949 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-48949/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-49011 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-49011/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-49136 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-49136/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-49140 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-49140/"
      }
    ],
    "title": "govulncheck-vulndb-0.0.20250612T141001-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-07-03T00:00:00Z",
      "generator": {
        "date": "2025-07-03T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15225-1",
      "initial_release_date": "2025-07-03T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-07-03T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
                  "product_id": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
                  "product_id": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
                  "product_id": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64",
                "product": {
                  "name": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64",
                  "product_id": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        },
        "product_reference": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-36846",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-36846"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library.   Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your IO::Compress::Brotli module to 0.007  or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-36846",
          "url": "https://www.suse.com/security/cve/CVE-2020-36846"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1175825 for CVE-2020-36846",
          "url": "https://bugzilla.suse.com/1175825"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-36846"
    },
    {
      "cve": "CVE-2022-31022",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-31022"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node\u0027s filesystem where the bleve index resides, if the user has used bleve\u0027s own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit \nhandling for the Role Based Access Controls(RBAC) of the index assets would be impacted by this issue. Version 2.5.0 relocated the `http/` dir used _only_ by bleve-explorer to `blevesearch/bleve-explorer`, thereby addressing the issue. However, the http package is purely intended to be used for demonstration purposes. Bleve was never designed handle the RBACs, nor it was ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-31022",
          "url": "https://www.suse.com/security/cve/CVE-2022-31022"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-31022"
    },
    {
      "cve": "CVE-2023-42818",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-42818"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication against the SSH service This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-42818",
          "url": "https://www.suse.com/security/cve/CVE-2023-42818"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2023-42818"
    },
    {
      "cve": "CVE-2025-0913",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-0913"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-0913",
          "url": "https://www.suse.com/security/cve/CVE-2025-0913"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244157 for CVE-2025-0913",
          "url": "https://bugzilla.suse.com/1244157"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-0913"
    },
    {
      "cve": "CVE-2025-1792",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-1792"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-1792",
          "url": "https://www.suse.com/security/cve/CVE-2025-1792"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-1792"
    },
    {
      "cve": "CVE-2025-22874",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-22874"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-22874",
          "url": "https://www.suse.com/security/cve/CVE-2025-22874"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244158 for CVE-2025-22874",
          "url": "https://bugzilla.suse.com/1244158"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-22874"
    },
    {
      "cve": "CVE-2025-25207",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-25207"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-25207",
          "url": "https://www.suse.com/security/cve/CVE-2025-25207"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-25207"
    },
    {
      "cve": "CVE-2025-25208",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-25208"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-25208",
          "url": "https://www.suse.com/security/cve/CVE-2025-25208"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-25208"
    },
    {
      "cve": "CVE-2025-2571",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-2571"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.6.x \u003c= 10.6.2, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-2571",
          "url": "https://www.suse.com/security/cve/CVE-2025-2571"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-2571"
    },
    {
      "cve": "CVE-2025-29785",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-29785"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses (thereby triggering the newly added path validation logic: the server sends path probe packets), and then sending ACKs for packets received from the server specifically crafted to trigger the nil-pointer dereference. v0.50.1 contains a patch that fixes the vulnerability. This release contains a test that generates random sequences of sent packets (both regular and path probe packets), that was used to verify that the patch actually covers all corner cases. No known workarounds are available.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-29785",
          "url": "https://www.suse.com/security/cve/CVE-2025-29785"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243936 for CVE-2025-29785",
          "url": "https://bugzilla.suse.com/1243936"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-29785"
    },
    {
      "cve": "CVE-2025-3230",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-3230"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.6.x \u003c= 10.6.2, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-3230",
          "url": "https://www.suse.com/security/cve/CVE-2025-3230"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-3230"
    },
    {
      "cve": "CVE-2025-3260",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-3260"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1).\n\nImpact:\n\n- Viewers can view all dashboards/folders regardless of permissions\n\n- Editors can view/edit/delete all dashboards/folders regardless of permissions\n\n- Editors can create dashboards in any folder regardless of permissions\n\n- Anonymous users with viewer/editor roles are similarly affected\n\nOrganization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-3260",
          "url": "https://www.suse.com/security/cve/CVE-2025-3260"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-3260"
    },
    {
      "cve": "CVE-2025-3454",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-3454"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "This vulnerability in Grafana\u0027s datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path.\n\nUsers with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources.\n\nThe issue primarily affects datasources that implement route-specific permissions, including Alertmanager and certain Prometheus-based datasources.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-3454",
          "url": "https://www.suse.com/security/cve/CVE-2025-3454"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241683 for CVE-2025-3454",
          "url": "https://bugzilla.suse.com/1241683"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-3454"
    },
    {
      "cve": "CVE-2025-3611",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-3611"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team endpoints, even when explicitly configured with \u0027No access\u0027 to Teams in the System Console.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-3611",
          "url": "https://www.suse.com/security/cve/CVE-2025-3611"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-3611"
    },
    {
      "cve": "CVE-2025-3913",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-3913"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.6.x \u003c= 10.6.2, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the \u0027invite user\u0027 permission to access and modify team invite IDs via the /api/v4/teams/:teamId/privacy endpoint.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-3913",
          "url": "https://www.suse.com/security/cve/CVE-2025-3913"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-3913"
    },
    {
      "cve": "CVE-2025-4128",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-4128"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mattermost versions 10.5.x \u003c= 10.5.4, 9.11.x \u003c= 9.11.13 fail to properly restrict API access to team information, allowing guest users to bypass permissions and view information about public teams they are not members of via a direct API call to /api/v4/teams/{team_id}.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-4128",
          "url": "https://www.suse.com/security/cve/CVE-2025-4128"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-4128"
    },
    {
      "cve": "CVE-2025-4573",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-4573"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mattermost versions 10.7.x \u003c= 10.7.1, 10.6.x \u003c= 10.6.3, 10.5.x \u003c= 10.5.4, 9.11.x \u003c= 9.11.13 fail to properly validate LDAP group ID attributes, allowing an authenticated administrator with PermissionSysconsoleWriteUserManagementGroups permission to execute LDAP search filter injection via the PUT /api/v4/ldap/groups/{remote_id}/link API when objectGUID is configured as the Group ID Attribute.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-4573",
          "url": "https://www.suse.com/security/cve/CVE-2025-4573"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-4573"
    },
    {
      "cve": "CVE-2025-4673",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-4673"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-4673",
          "url": "https://www.suse.com/security/cve/CVE-2025-4673"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244156 for CVE-2025-4673",
          "url": "https://bugzilla.suse.com/1244156"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-4673"
    },
    {
      "cve": "CVE-2025-47950",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-47950"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "CoreDNS is a DNS server that chains plugins. In versions prior to 1.12.2, a Denial of Service (DoS) vulnerability exists in the CoreDNS DNS-over-QUIC (DoQ) server implementation. The server previously created a new goroutine for every incoming QUIC stream without imposing any limits on the number of concurrent streams or goroutines. A remote, unauthenticated attacker could open a large number of streams, leading to uncontrolled memory consumption and eventually causing an Out Of Memory (OOM) crash \u2014 especially in containerized or memory-constrained environments. The patch in version 1.12.2 introduces two key mitigation mechanisms: `max_streams`, which caps the number of concurrent QUIC streams per connection with a default value of `256`; and `worker_pool_size`, which Introduces a server-wide, bounded worker pool to process incoming streams with a default value of `1024`. This eliminates the 1:1 stream-to-goroutine model and ensures that CoreDNS remains resilient under high concurrency.  Some workarounds are available for those who are unable to upgrade. Disable QUIC support by removing or commenting out the `quic://` block in the Corefile, use container runtime resource limits to detect and isolate excessive memory usage, and/or monitor QUIC connection patterns and alert on anomalies.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-47950",
          "url": "https://www.suse.com/security/cve/CVE-2025-47950"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1244331 for CVE-2025-47950",
          "url": "https://bugzilla.suse.com/1244331"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-47950"
    },
    {
      "cve": "CVE-2025-48494",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48494"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens the upload list, the script is then parsed. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users using a version prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A possible workaround would be to disable end-to-end encryption.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48494",
          "url": "https://www.suse.com/security/cve/CVE-2025-48494"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-48494"
    },
    {
      "cve": "CVE-2025-48495",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48495"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users of versions prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A workaround would be to not open the API page if it is possible that another user might have injected code.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48495",
          "url": "https://www.suse.com/security/cve/CVE-2025-48495"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-48495"
    },
    {
      "cve": "CVE-2025-48710",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48710"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with permission to create or modify ResourceGraphDefinition resources) to supply arbitrary container images. This can lead to a confused-deputy scenario where kro\u0027s controllers deploy and run attacker-controlled images, resulting in unauthenticated remote code execution on cluster nodes.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48710",
          "url": "https://www.suse.com/security/cve/CVE-2025-48710"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-48710"
    },
    {
      "cve": "CVE-2025-48865",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48865"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and X-Forwarded-Port when routing requests to backend applications. Since the receiving application should trust these headers, allowing HTTP clients to remove or modify them creates potential security vulnerabilities. Some of these custom headers can be removed and, in certain cases, manipulated. The attack relies on the behavior that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been patched in version 1.6.6.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48865",
          "url": "https://www.suse.com/security/cve/CVE-2025-48865"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-48865"
    },
    {
      "cve": "CVE-2025-48938",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48938"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user\u0027s machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. In `2.12.1`, `Browser.Browse()` has been enhanced to allow and disallow a variety of scenarios to avoid opening or executing files on the filesystem without unduly impacting HTTP URLs. No known workarounds are available other than upgrading.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48938",
          "url": "https://www.suse.com/security/cve/CVE-2025-48938"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1243930 for CVE-2025-48938",
          "url": "https://bugzilla.suse.com/1243930"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-48938"
    },
    {
      "cve": "CVE-2025-48948",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48948"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. In the threat model where administrators are trusted but regular users are not, this vulnerability represents a significant security risk when transcoding is enabled. Version 0.56.0 patches the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48948",
          "url": "https://www.suse.com/security/cve/CVE-2025-48948"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-48948"
    },
    {
      "cve": "CVE-2025-48949",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-48949"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information. Version 0.56.0 contains a patch for the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-48949",
          "url": "https://www.suse.com/security/cve/CVE-2025-48949"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-48949"
    },
    {
      "cve": "CVE-2025-49011",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-49011"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SpiceDB is an open source database for storing and querying fine-grained authorization data. Prior to version 1.44.2, on schemas involving arrows with caveats on the arrow\u0027ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. Version 1.44.2 fixes the issue. As a workaround, do not use caveats in the schema over an arrow\u0027ed relation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-49011",
          "url": "https://www.suse.com/security/cve/CVE-2025-49011"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2025-49011"
    },
    {
      "cve": "CVE-2025-49136",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-49136"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-user (super admin) installations, on multi-user installations, this allows non-super-admin users with campaign or template permissions to use the `{{ env }}` template expression to capture sensitive environment variables. Users should upgrade to v5.0.2 to mitigate the issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-49136",
          "url": "https://www.suse.com/security/cve/CVE-2025-49136"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-49136"
    },
    {
      "cve": "CVE-2025-49140",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-49140"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets, This only affect users that use pion/interceptor. Users should upgrade to v0.1.39 or later, which validates that: `padLen \u003e 0 \u0026\u0026 padLen \u003c= payloadLength` and return error  on overflow, avoiding panic. If upgrading is not possible, apply the patch from the pull request manually or drop packets whose P-bit is set but whose padLen is zero or larger than the remaining payload.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
          "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-49140",
          "url": "https://www.suse.com/security/cve/CVE-2025-49140"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
            "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-03T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-49140"
    }
  ]
}

ghsa-g9f5-x53j-h563

Vulnerability from github

Published

2025-05-30 15:30

Modified

2025-06-04 21:00

Summary

Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

Details

Summary

A security vulnerability has been identified in go-gh where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing.

Details

The GitHub CLI and CLI extensions allow users to transition from their terminal for a variety of use cases through the Browser capability in github.com/cli/go-gh/v2/pkg/browser:

Using the -w, --web flag, GitHub CLI users can view GitHub repositories, issues, pull requests, and more using their web browser
Using the gh codespace command set, GitHub CLI users can transition to Visual Studio Code to work with GitHub Codespaces

This is done by using URLs provided through API responses from authenticated GitHub hosts when users execute gh commands.

Prior to 2.12.1, Browser.Browse() would attempt to open the provided URL using a variety of OS-specific approaches regardless of the scheme. An attacker-controlled GitHub Enterprise Server could modify API responses to use a specially tailored local executable path instead of HTTP URLs to resources. This could allow the attacker to execute arbitrary executables on the user's machine.

In 2.12.1, Browser.Browse() has been enhanced to allow and disallow a variety of scenarios to avoid opening or executing files on the filesystem without unduly impacting HTTP URLs:

URLs with http://, https://, vscode://, vscode-insiders:// protocols are supported
URLs with file:// protocol are unsupported
URLs matching files or directories on the filesystem are unsupported
URLs matching executables in the user's path are unsupported

URLs without protocols will be browsable if none of these other conditions apply.

As we have more information about use cases, maintainers can expand these capabilities for an improved user experience that allows configuring allowed URL schemes and/or prompt the user for an unexpected user case and confirming whether to continue.

Impact

Successful exploitation could cause users of the attacker-controlled GitHub Enterprise Server to execute arbitrary commands.

Remediation and Mitigation

Upgrade go-gh to 2.12.1

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cli/go-gh/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.12.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-48938"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-501"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-30T15:30:39Z",
    "nvd_published_at": "2025-05-30T19:15:29Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nA security vulnerability has been identified in `go-gh` where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user\u0027s machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. \n\n### Details\n\nThe GitHub CLI and CLI extensions allow users to transition from their terminal for a variety of use cases through the [`Browser` capability in `github.com/cli/go-gh/v2/pkg/browser`](https://github.com/cli/go-gh/blob/61bf393cf4aeea6d00a6251390f5f67f5b67e727/pkg/browser/browser.go):\n\n- Using the `-w, --web` flag, GitHub CLI users can view GitHub repositories, issues, pull requests, and more using their web browser\n- Using the `gh codespace` command set, GitHub CLI users can transition to Visual Studio Code to work with GitHub Codespaces\n\nThis is done by using URLs provided through API responses from authenticated GitHub hosts when users execute `gh` commands.\n\nPrior to `2.12.1`, `Browser.Browse()` would attempt to open the provided URL using a variety of OS-specific approaches regardless of the scheme.  An attacker-controlled GitHub Enterprise Server could modify API responses to use a specially tailored local executable path instead of HTTP URLs to resources.  This could allow the attacker to execute arbitrary executables on the user\u0027s machine. \n\nIn `2.12.1`, `Browser.Browse()` has been enhanced to allow and disallow a variety of scenarios to avoid opening or executing files on the filesystem without unduly impacting HTTP URLs:\n\n1. URLs with `http://`, `https://`, `vscode://`, `vscode-insiders://` protocols are supported\n1. URLs with `file://` protocol are unsupported\n1. URLs matching files or directories on the filesystem are unsupported\n1. URLs matching executables in the user\u0027s path are unsupported\n\nURLs without protocols will be browsable if none of these other conditions apply.\n\nAs we have more information about use cases, maintainers can expand these capabilities for an improved user experience that allows configuring allowed URL schemes and/or prompt the user for an unexpected user case and confirming whether to continue.\n\n### Impact\n\nSuccessful exploitation could cause users of the attacker-controlled GitHub Enterprise Server to execute arbitrary commands.\n\n### Remediation and Mitigation\n\n1. Upgrade `go-gh` to `2.12.1`",
  "id": "GHSA-g9f5-x53j-h563",
  "modified": "2025-06-04T21:00:35Z",
  "published": "2025-05-30T15:30:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cli/go-gh/security/advisories/GHSA-g9f5-x53j-h563"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48938"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cli/go-gh/commit/a08820a13f257d6c5b4cb86d37db559ec6d14577"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cli/go-gh"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-48938 (GCVE-0-2025-48938)

Vulnerability from cvelistv5

fkie_cve-2025-48938

Vulnerability from fkie_nvd

opensuse-su-2025:15225-1

Vulnerability from csaf_opensuse

ghsa-g9f5-x53j-h563

Vulnerability from github

Summary

Details

Impact

Remediation and Mitigation

Tags

Sightings

Nomenclature