CVE-2025-66410Path Traversal in Flipped-aurora Gin-vue-admin

CWE-22Path Traversal5 documents4 sources
Severity
8.7HIGHNVD
EPSS
0.1%
top 64.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Github.com Flipped-aurora Gin-vue-adminFlipped-aurora Gin-vue-adminGin-vue-admin Project Gin-vue-admin
Timeline
PublishedDec 1
Latest updateDec 2

Description

Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages3 packages

Gogithub.com/flipped-aurora_gin-vue-admin< 0.9.1-0.20251201084432-ee8d8d7e04d9

Patches

Patch: github.com

🔴Vulnerability Details

4
OSV
Gin-vue-admin has an arbitrary file deletion vulnerability2025-12-02
GHSA
Gin-vue-admin has an arbitrary file deletion vulnerability2025-12-02
OSV
Gin-vue-admin has an arbitrary file deletion vulnerability in github.com/flipped-aurora/gin-vue-admin2025-12-02
CVEList
Gin-vue-admin has an arbitrary file deletion vulnerability2025-12-01
CVE-2025-66410 — Path Traversal | cvebase