CVE-2025-24888 | freedomofpress securedrop-client up to 0.14.0 Source/Journalist Interface autostart safe_move path traversal (GHSA-6c3p-chq6-q3j2)

Inserito da Angelo Barbosa | Feb 13, 2025 | CVE

A vulnerability was found in freedomofpress securedrop-client up to 0.14.0. It has been rated as critical. This issue affects the function safe_move of the file /home/user/.config/autostart/ of the component Source/Journalist Interface. The manipulation leads to path traversal.

The identification of this vulnerability is CVE-2025-24888. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-24888 | freedomofpress securedrop-client up to 0.14.0 Source/Journalist Interface autostart safe_move path traversal (GHSA-6c3p-chq6-q3j2)

Post correlati

CVE-2024-33304 | SourceCodester Product Show Room 1.0 Add Users Last Name cross site scripting

CVE-2024-21672 | Atlassian Confluence Data Center/Confluence Server Remote Code Execution

CVE-2024-22432 | Dell NetWorker Module for Databases and Applications up to 19.9.0.3 Database Backup credentials storage (dsa-2024-059)

CVE-2024-20313 | Cisco IOS XE OSPFv2 denial of service (cisco-sa-iosxe-ospf-dos-dR9Sfrxp)