CVE-2025-50184

DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be manipulated to access arbitrary files on the system. By supplying a crafted path to the file parameter, an attacker can read files outside the upload directory, potentially exposing sensitive system-level data. This is fixed in version 6.4.3-beta.8.

CVSS

No CVSS.

References

Link	Resource
https://github.com/dbgate/dbgate/commit/18b11df672b5a887bc17a6b9fdd13f9742c8f98e
https://github.com/dbgate/dbgate/security/advisories/GHSA-2fp9-29gv-p5gm

Configurations

No configuration.

History

No history.

Information

Published : 2025-07-26 04:16

Updated : 2025-07-29 14:14

NVD link : CVE-2025-50184

Mitre link : CVE-2025-50184

CVE.ORG link : CVE-2025-50184

JSON object : View

Products Affected

No product.

CWE

CWE-29

Path Traversal: '\..\filename'

{"id": "CVE-2025-50184", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-26T04:16:03.980", "references": [{"url": "https://github.com/dbgate/dbgate/commit/18b11df672b5a887bc17a6b9fdd13f9742c8f98e", "source": "[email protected]"}, {"url": "https://github.com/dbgate/dbgate/security/advisories/GHSA-2fp9-29gv-p5gm", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-29"}]}], "descriptions": [{"lang": "en", "value": "DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be manipulated to access arbitrary files on the system. By supplying a crafted path to the file parameter, an attacker can read files outside the upload directory, potentially exposing sensitive system-level data. This is fixed in version 6.4.3-beta.8."}, {"lang": "es", "value": "DbGate es un gestor de bases de datos multiplataforma. En las versiones 6.4.3-premium-beta.5 y anteriores, DbGate es vulnerable a una falla de directory traversal. El par\u00e1metro \"file\" no est\u00e1 correctamente restringido al directorio de subidas. Como resultado, el endpoint que lista los archivos dentro del directorio de subida puede manipularse para acceder a archivos arbitrarios del sistema. Al proporcionar una ruta manipulada al par\u00e1metro \"file\", un atacante puede leer archivos fuera del directorio de subida, lo que podr\u00eda exponer datos confidenciales del sistema. Esto se solucion\u00f3 en la versi\u00f3n 6.4.3-beta.8."}], "lastModified": "2025-07-29T14:14:55.157", "sourceIdentifier": "[email protected]"}