cvelistv5 - cve-2025-49132

CVE-2025-49132 (GCVE-0-2025-49132)

Vulnerability from cvelistv5

Published

2025-06-20 16:56

Modified

2025-06-20 17:34

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Summary

Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.

References

►

URL

Tags

	security-advisories@github.com	https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0
	security-advisories@github.com	https://github.com/pterodactyl/panel/releases/tag/v1.11.11
	security-advisories@github.com	https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843

Impacted products

	Vendor	Product	Version
	pterodactyl	panel	Version: < 1.11.11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-49132",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-20T17:34:12.035579Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T17:34:24.439Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "panel",
          "vendor": "pterodactyl",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.11.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel\u0027s server, read credentials from the Panel\u0027s config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-20T16:56:41.403Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843"
        },
        {
          "name": "https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0"
        },
        {
          "name": "https://github.com/pterodactyl/panel/releases/tag/v1.11.11",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pterodactyl/panel/releases/tag/v1.11.11"
        }
      ],
      "source": {
        "advisory": "GHSA-24wv-6c99-f843",
        "discovery": "UNKNOWN"
      },
      "title": "Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-49132",
    "datePublished": "2025-06-20T16:56:41.403Z",
    "dateReserved": "2025-06-02T10:39:41.633Z",
    "dateUpdated": "2025-06-20T17:34:24.439Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-49132\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-06-20T17:15:41.140\",\"lastModified\":\"2025-06-23T20:16:21.633\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel\u0027s server, read credentials from the Panel\u0027s config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.\"},{\"lang\":\"es\",\"value\":\"Pterodactyl es un panel de administraci\u00f3n de servidores de juegos gratuito y de c\u00f3digo abierto. Antes de la versi\u00f3n 1.11.11, al usar el archivo /locales/locale.json con los par\u00e1metros de consulta de configuraci\u00f3n regional y espacio de nombres, un actor malicioso pod\u00eda ejecutar c\u00f3digo arbitrario sin estar autenticado. Esta capacidad de ejecutar c\u00f3digo arbitrario pod\u00eda utilizarse para acceder al servidor del panel, leer credenciales de su configuraci\u00f3n, extraer informaci\u00f3n confidencial de la base de datos, acceder a los archivos de los servidores administrados por el panel, etc. Este problema se ha corregido en la versi\u00f3n 1.11.11. No existen soluciones alternativas de software para esta vulnerabilidad, pero el uso de un firewall de aplicaciones web (WAF) externo podr\u00eda ayudar a mitigar este ataque.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pterodactyl/panel/releases/tag/v1.11.11\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-49132\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-20T17:34:12.035579Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-20T17:34:17.100Z\"}}], \"cna\": {\"title\": \"Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution\", \"source\": {\"advisory\": \"GHSA-24wv-6c99-f843\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"pterodactyl\", \"product\": \"panel\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.11.11\"}]}], \"references\": [{\"url\": \"https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843\", \"name\": \"https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0\", \"name\": \"https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pterodactyl/panel/releases/tag/v1.11.11\", \"name\": \"https://github.com/pterodactyl/panel/releases/tag/v1.11.11\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel\u0027s server, read credentials from the Panel\u0027s config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-06-20T16:56:41.403Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-49132\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-20T17:34:24.439Z\", \"dateReserved\": \"2025-06-02T10:39:41.633Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-06-20T16:56:41.403Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2025-49132

Vulnerability from fkie_nvd

Published

2025-06-20 17:15

Modified

2025-06-23 20:16

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

References

▶	URL	Tags
	security-advisories@github.com	https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0
	security-advisories@github.com	https://github.com/pterodactyl/panel/releases/tag/v1.11.11
	security-advisories@github.com	https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel\u0027s server, read credentials from the Panel\u0027s config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack."
    },
    {
      "lang": "es",
      "value": "Pterodactyl es un panel de administraci\u00f3n de servidores de juegos gratuito y de c\u00f3digo abierto. Antes de la versi\u00f3n 1.11.11, al usar el archivo /locales/locale.json con los par\u00e1metros de consulta de configuraci\u00f3n regional y espacio de nombres, un actor malicioso pod\u00eda ejecutar c\u00f3digo arbitrario sin estar autenticado. Esta capacidad de ejecutar c\u00f3digo arbitrario pod\u00eda utilizarse para acceder al servidor del panel, leer credenciales de su configuraci\u00f3n, extraer informaci\u00f3n confidencial de la base de datos, acceder a los archivos de los servidores administrados por el panel, etc. Este problema se ha corregido en la versi\u00f3n 1.11.11. No existen soluciones alternativas de software para esta vulnerabilidad, pero el uso de un firewall de aplicaciones web (WAF) externo podr\u00eda ayudar a mitigar este ataque."
    }
  ],
  "id": "CVE-2025-49132",
  "lastModified": "2025-06-23T20:16:21.633",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-20T17:15:41.140",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/pterodactyl/panel/releases/tag/v1.11.11"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

ghsa-24wv-6c99-f843

Vulnerability from github

Published

2025-06-19 19:55

Modified

2025-06-20 22:21

Severity ?

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Summary

Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution

Details

Impact

Using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code, without being authenticated.

With the ability to execute arbitrary code, this vulnerability can be exploited in an infinite number of ways. It could be used to gain access to the Panel's server, read credentials from the Panel's config (.env or otherwise), extract sensitive information from the database (such as user details [username, email, first and last name, hashed password, ip addresses, etc]), access files of servers managed by the panel, etc.

Patches

This vulnerability was patched by https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0 and was released under the v1.11.11 tag without any other code modifications compared to v1.11.10.

For those who need to patch their installations in-place or apply it on top of other code modifications, a patch file can be retrieved from https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0.patch and applied using git apply.

Workarounds

Other than patching the software, there is no workaround in this software. Disabling the /locales/locale.json endpoint at the webserver level is possible, but would break the localization feature wherever it is used.

The only other workaround relies on an external Web Application Firewall (WAF), such as Cloudflare's WAF with their default ruleset (requires Pro plan or above, Free doesn't have the proper ruleset) to mitigate this attack.

Updating to v1.11.11 or manually patching the software are the only recommended ways to completely mitigate this vulnerability.

User Notice

Shortly after the v1.11.11release and it's announcement, security researchers and malicious actors have been attempting to exploit this vulnerability. While there hasn't been any official confirmations of breaches or successful exploits of the vulnerability in the wild, it is only a matter of time for those who remain on unpatched versions without any workarounds in place.

The scope of this vulnerability cannot be fully described, anything is possible. It is of utmost importance that anyone running a vulnerable version of this software, patch it or update to the latest available version immediately.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.11.10"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "pterodactyl/panel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.11.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-49132"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-19T19:55:27Z",
    "nvd_published_at": "2025-06-20T17:15:41Z",
    "severity": "CRITICAL"
  },
  "details": "## Impact\n\nUsing the `/locales/locale.json` with the `locale` and `namespace` query parameters, a malicious actor is able to execute arbitrary code, without being authenticated.\n\nWith the ability to execute arbitrary code, this vulnerability can be exploited in an infinite number of ways.  It could be used to gain access to the Panel\u0027s server, read credentials from the Panel\u0027s config (`.env` or otherwise), extract sensitive information from the database (such as user details [username, email, first and last name, hashed password, ip addresses, etc]), access files of servers managed by the panel, etc.\n\n## Patches\n\nThis vulnerability was patched by https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0 and was released under the [`v1.11.11`](https://github.com/pterodactyl/panel/releases/tag/v1.11.11) tag without any other code modifications compared to `v1.11.10`.\n\nFor those who need to patch their installations in-place or apply it on top of other code modifications, a patch file can be retrieved from \u003chttps://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0.patch\u003e and applied using `git apply`.\n\n## Workarounds\n\nOther than patching the software, there is no workaround in this software.  Disabling the `/locales/locale.json` endpoint at the webserver level is possible, but would break the localization feature wherever it is used.\n\nThe only other workaround relies on an external Web Application Firewall (WAF), such as Cloudflare\u0027s WAF with their default ruleset (requires Pro plan or above, Free doesn\u0027t have the proper ruleset) to mitigate this attack.\n\nUpdating to [`v1.11.11`](https://github.com/pterodactyl/panel/releases/tag/v1.11.11) or manually patching the software are the only recommended ways to completely mitigate this vulnerability.\n\n## User Notice\n\nShortly after the [`v1.11.11`](https://github.com/pterodactyl/panel/releases/tag/v1.11.11)release and it\u0027s announcement, security researchers and malicious actors have been attempting to exploit this vulnerability.  While there hasn\u0027t been any official confirmations of breaches or successful exploits of the vulnerability in the wild, it is only a matter of time for those who remain on unpatched versions without any workarounds in place.\n\nThe scope of this vulnerability cannot be fully described, anything is possible.  It is of utmost importance that anyone running a vulnerable version of this software, patch it or update to the latest available version **immediately**.",
  "id": "GHSA-24wv-6c99-f843",
  "modified": "2025-06-20T22:21:14Z",
  "published": "2025-06-19T19:55:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pterodactyl/panel/security/advisories/GHSA-24wv-6c99-f843"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49132"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pterodactyl/panel/commit/24c82b0e335fb5d7a844226b08abf9f176e592f0"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pterodactyl/panel"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pterodactyl/panel/releases/tag/v1.11.11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-49132 (GCVE-0-2025-49132)

Vulnerability from cvelistv5

fkie_cve-2025-49132

Vulnerability from fkie_nvd

ghsa-24wv-6c99-f843

Vulnerability from github

Impact

Patches

Workarounds

User Notice

Tags

Sightings

Nomenclature