CVE-2025-49143
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-08-21
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| networktocode | nautobot | Up to 1.6.32 (exc) |
| networktocode | nautobot | From 2.0.0 (inc) to 2.4.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| NVD-CWE-noinfo | Insufficient information (NVD placeholder, no specific CWE assigned). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49143 is an authentication bypass vulnerability in the Nautobot platform where media files uploaded by users to the MEDIA_ROOT directory could be accessed without requiring user authentication. This means that anonymous users who know or can guess the URLs of these media files, such as DeviceType image attachments or images linked to Location, Device, or Rack objects, could retrieve these files without authorization. The vulnerability arises because the endpoint serving these media files did not enforce authentication checks. The issue was fixed by introducing a new Django view that enforces user authentication for media file requests, except for certain public branding files, thereby preventing unauthorized access to sensitive media content. [1, 3, 4, 5]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of media files stored in Nautobot's MEDIA_ROOT directory. If an attacker or unauthorized user can guess or know the URLs of these files, they can access potentially sensitive images or attachments related to network devices, locations, or racks without authentication. Although the attack complexity is high due to the need to guess exact file names, the impact is a low confidentiality breach since unauthorized users can view files they should not have access to. There is no impact on integrity or availability. This exposure could lead to information leakage about network infrastructure or configurations represented by these media files. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access media files served by Nautobot without authentication. Since the vulnerability allows anonymous users to retrieve media files if they know or can guess the URL, you can test by making HTTP requests to known or guessed media file URLs on the Nautobot server without providing authentication credentials, for example with curl or wget, and checking whether the files are served. Example command: `curl -I http://<nautobot-server>/media/<file-path>`. If the response is successful (e.g., HTTP 200) without authentication, the system is vulnerable. Note that guessing file names may be required due to the high attack complexity. [3]
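As an added example (not BaseFortify's or the Nautobot project's code), the curl check above turned into a small Python script: it sends an unauthenticated HEAD request to a media path on your own Nautobot instance, does not follow redirects, and reports whether the file was served (HTTP 2xx, the vulnerable behaviour) or not. The base URL and the sample media paths are assumed placeholders; use paths from your own DeviceType, Location, Device or Rack image attachments.

```python
"""Check whether a Nautobot instance serves MEDIA_ROOT files to an unauthenticated
client (CVE-2025-49143). Added example; the base URL and sample paths are assumptions."""
import urllib.error
import urllib.request
from urllib.parse import quote, urljoin

# Constructed sample paths; replace with real attachment paths from your own inventory.
SAMPLE_MEDIA_PATHS = ["devicetype-images/example-switch.png", "location-images/example-site.jpg"]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects, so a redirect to the login page shows up as a 3xx status."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def media_url(base_url: str, media_path: str) -> str:
    """Build the /media/<path> URL; percent-encode the path but keep '/' separators."""
    return urljoin(base_url.rstrip("/") + "/", "media/" + quote(media_path.lstrip("/")))


def assess(status: int) -> str:
    """Classify an anonymous response: only a 2xx means the file was served without login."""
    if 200 <= status < 300:
        return "exposed"        # vulnerable behaviour: media served to an anonymous client
    if status in (301, 302, 303, 307, 308, 401, 403):
        return "auth-enforced"  # redirected (e.g. to login) or rejected outright
    return "not-served"         # 404 etc.: path absent, says nothing about the fix


def check_media_path(base_url: str, media_path: str, timeout: float = 5.0) -> tuple:
    """HEAD the media URL with no credentials and return (assessment, HTTP status)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(media_url(base_url, media_path), method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:  # urllib raises for unfollowed 3xx, 4xx and 5xx
        status = err.code
    return assess(status), status


if __name__ == "__main__":
    import sys
    base = sys.argv[1] if len(sys.argv) > 1 else "http://nautobot.example.invalid"  # placeholder
    for path in SAMPLE_MEDIA_PATHS:
        verdict, code = check_media_path(base, path)
        print(f"{code} {verdict:14s} {media_url(base, path)}")
```

Run it against a patched instance and every known path should come back as anything but "exposed"; a 404 only tells you the path does not exist, so confirm with a path you know is present.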
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Nautobot to version 2.4.10 (for the 2.x line) or 1.6.32 (for the 1.6 line) or later, where the vulnerability is fixed by enforcing user authentication on media file requests. If upgrading immediately is not possible, restrict access to the MEDIA_ROOT directory at the web server or network level to prevent unauthenticated access. Applying the official patches from pull requests #6672 (for 2.x) or #6703 (for 1.6) is recommended. The fix introduces a new Django view that enforces authentication for media file access, except for specific branding files. There are no alternative workarounds besides applying these patches or upgrading. [1, 2, 3]