Vulnerabilities

CVE-2025-35430

by Fred · 17/09/2025

CISA Thorium does not adequately validate the paths of downloaded files via ‘download_ephemeral’ and ‘download_children’. A remote, authenticated attacker could access arbitrary files subject to file system permissions. Fixed in 1.1.2.

More information : https://github.com/cisagov/thorium/blob/main/api/src/utils/bounder.rs#L120-L158

Similar

Tags: Cybersecurity Alert