fkie_cve-2025-54118
Vulnerability from fkie_nvd
Published
2025-08-18 16:15
Modified
2025-08-20 21:23
Severity ?
Summary
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows unauthenticated remote attacker to gain sensitive information such as absolute path of the source code via list parameter. This vulnerability is fixed in 2.2.4.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| namelessmc | nameless | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE24BDD-51F8-4096-A5E5-3394EA4EE64E",
"versionEndExcluding": "2.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NamelessMC is a free, easy to use \u0026 powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows unauthenticated remote attacker to gain sensitive information such as absolute path of the source code via list parameter. This vulnerability is fixed in 2.2.4."
},
{
"lang": "es",
"value": "NamelessMC es un software web gratuito, f\u00e1cil de usar y potente para servidores de Minecraft. La divulgaci\u00f3n de informaci\u00f3n confidencial en NamelessMC anterior a la versi\u00f3n 2.2.4 permite que un atacante remoto no autenticado obtenga informaci\u00f3n confidencial, como la ruta absoluta del c\u00f3digo fuente, mediante el par\u00e1metro de lista. Esta vulnerabilidad se corrige en la versi\u00f3n 2.2.4."
}
],
"id": "CVE-2025-54118",
"lastModified": "2025-08-20T21:23:34.290",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-18T16:15:29.353",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/NamelessMC/Nameless/commit/3b94eb594dcbb1abc5524e41a0631df3ac95de8f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/NamelessMC/Nameless/security/advisories/GHSA-cj37-8jqc-hv2w"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…