CVE-2025-34171MEDIUMCVSS 6.9≤ 0.4.152026-01-02
CVE-2025-34171 [MEDIUM] CWE-497 CVE-2025-34171: CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remo
CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under /var/lib/casaos/1/, which reveals installed applications and co
nvd