CVE-2025-67488
published 2025-12-09CVE-2025-67488: SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd…
PriorityP358high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.37%
28.6th percentile
SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user to overwrite files on the system. An authenticated user with access to the import functionality in notes is able to overwrite any file on the system, and can escalate to full code execution under some circumstances. A fix is planned for version 3.5.0.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| b3log | siyuan | < 3.5.0 | 3.5.0 |
| github.com | siyuan-note_siyuan_kernel | 0 – 0.0.0-20251202123337-6ef83b42c7ce | — |
| siyuan-note | siyuan | <= 0.0.0-20251202123337-6ef83b42c7ce | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE in github.com/siyuan-note/siyuan/kernel
osv·2025-12-15
CVE-2025-67488 SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE in github.com/siyuan-note/siyuan/kernel
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE in github.com/siyuan-note/siyuan/kernel
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE in github.com/siyuan-note/siyuan/kernel
OSV
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE
osv·2025-12-09
CVE-2025-67488 [HIGH] SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE
### Summary
Function [**importZipMd**](https://github.com/siyuan-note/siyuan/blob/dae6158860cc704e353454565c96e874278c6f47/kernel/api/import.go#L190) is vulnerable to **ZipSlip** which allows an authenticated user to overwrite files on the system.
### Details
An authenticated user with access to the import functionality in notes is able to overwrite any file on the system, the vulnerable function is [**importZipMd**](https://github.com/siyuan-note/siyuan/blob/dae6158860cc704e353454565c96e874278c6f47/kernel/api/import.go#L190), this can escalate to full code execution under some circumstances, for example using the official **docker image** it is possible to overwrite **entrypoint.sh** and after a container restart it will execute the cha
GHSA
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE
ghsa·2025-12-09
CVE-2025-67488 [HIGH] CWE-22 SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE
### Summary
Function [**importZipMd**](https://github.com/siyuan-note/siyuan/blob/dae6158860cc704e353454565c96e874278c6f47/kernel/api/import.go#L190) is vulnerable to **ZipSlip** which allows an authenticated user to overwrite files on the system.
### Details
An authenticated user with access to the import functionality in notes is able to overwrite any file on the system, the vulnerable function is [**importZipMd**](https://github.com/siyuan-note/siyuan/blob/dae6158860cc704e353454565c96e874278c6f47/kernel/api/import.go#L190), this can escalate to full code execution under some circumstances, for example using the official **docker image** it is possible to overwrite **entrypoint.sh** and after a container restart it will execute the cha
No detection rules found.
No public exploits indexed.
2025-12-09
Published