CVE-2025-21609

Sažetak

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. Commit d9887aeec1b27073bec66299a9a4181dc42969f3 fixes this vulnerability and is expected to be available in version 3.1.19.

Reference

https://github.com/siyuan-note/siyuan/commit/d9887aeec1b27073bec66299a9a4181dc42969f3
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8fx8-pffw-w498

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

03-01-2025 - 17:15

Objavljeno

03-01-2025 - 17:15