CVE-2025-53887
BaseFortify

Publication date: 2025-07-15

Last updated on: 2025-07-16

Assigner: GitHub, Inc.

Description
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly used as the OpenAPI Spec version, so it is exposed by the `/server/specs/oas` endpoint without authentication. With the exact version an attacker can look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version. Version 11.9.0 fixes the issue.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-07-15
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: monospace
Product: directus
Version range: from 9.0.0 (inclusive) to 11.9.0 (exclusive)
CWE
CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Directus involves the exposure of the exact Directus version number through the unauthenticated endpoint `/server/specs/oas`. The version number is incorrectly used as the OpenAPI Specification version, allowing any remote attacker to retrieve it without authentication. Knowing the exact version enables attackers to look for known vulnerabilities specific to that Directus version or its dependencies, potentially facilitating targeted attacks. This issue affects Directus versions from 9.0.0 up to but not including 11.9.0, where it was fixed by replacing the static version with a dynamic hashed version. [2, 1]


How can this vulnerability impact me?

The impact of this vulnerability is that an attacker can obtain the precise version of Directus running on your server without any privileges or user interaction. With this information, the attacker can identify and exploit known vulnerabilities in that specific Directus version or its bundled dependencies. Although the vulnerability itself does not directly compromise data or system integrity, it facilitates targeted attacks by exposing sensitive version information, which can increase the risk of successful exploitation. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by requesting the unauthenticated endpoint `/server/specs/oas` on the Directus server and checking whether the `info.version` field of the returned OpenAPI document carries the exact Directus version. For example: `curl -s http://<directus-server>/server/specs/oas | jq -r '.info.version'`. If the output is a release version number in the range from 9.0.0 up to but not including 11.9.0, the system is vulnerable; a patched instance no longer returns the package version in that field. [2]
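The check described above, carried through as a small script. This is an added example and is not code from Directus or from BaseFortify. It assumes only what the advisory states: that an affected instance publishes its package version as `info.version` in the document served at `/server/specs/oas`, and that versions from 9.0.0 up to but excluding 11.9.0 are affected. The sample responses embedded in the script are constructed for illustration, not captured from a real server, and the hash-like value in the "patched" sample is a placeholder for whatever non-semver string a fixed instance returns.

```python
"""Assess a Directus /server/specs/oas response for CVE-2025-53887.

Added example (not Directus or BaseFortify code). Assumes the advisory's
affected range: info.version equals the Directus package version for
9.0.0 <= version < 11.9.0.
"""
import json
import re
import urllib.request

AFFECTED_MIN = (9, 0, 0)   # first affected release (inclusive)
FIXED_AT = (11, 9, 0)      # first fixed release (exclusive upper bound)

# Release version with optional leading "v" and optional pre-release/build suffix.
SEMVER_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$")


def parse_semver(text):
    """Return (major, minor, patch) or None when the string is not a release version.

    A fixed instance is described as publishing a non-version value here, so a
    non-match is a meaningful result, not an error.
    """
    m = SEMVER_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True when the disclosed version falls in [9.0.0, 11.9.0)."""
    v = parse_semver(version)
    if v is None:
        return False
    return AFFECTED_MIN <= v < FIXED_AT


def assess_spec(oas_json_text):
    """Classify an OAS document body.

    Returns 'affected', 'not-affected', 'no-version' or 'invalid-json'.
    """
    try:
        doc = json.loads(oas_json_text)
    except json.JSONDecodeError:
        return "invalid-json"
    info = doc.get("info") if isinstance(doc, dict) else None
    version = info.get("version") if isinstance(info, dict) else None
    if not isinstance(version, str) or not version:
        return "no-version"
    return "affected" if is_affected(version) else "not-affected"


def fetch_spec(base_url, timeout=10):
    """Fetch the spec without credentials; the endpoint is reachable unauthenticated.

    Network helper only; the offline run below uses the constructed samples.
    """
    url = base_url.rstrip("/") + "/server/specs/oas"
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed sample responses (not captured from a real Directus server).
SAMPLE_VULNERABLE = json.dumps(
    {"openapi": "3.0.1", "info": {"title": "Directus", "version": "11.8.0"}}
)
SAMPLE_PATCHED = json.dumps(
    {"openapi": "3.0.1", "info": {"title": "Directus", "version": "4f3a9c1e"}}
)

if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        # Usage: python check_oas.py https://directus.example.internal
        print(assess_spec(fetch_spec(sys.argv[1])))
    else:
        for name, body in (("vulnerable", SAMPLE_VULNERABLE), ("patched", SAMPLE_PATCHED)):
            print(name, "->", assess_spec(body))
```

The script reads `info.version` specifically rather than grepping for the word "version", since an OpenAPI document contains that string in many schema fields. Treating a non-semver value as not affected matches the page's description of the fix; a value that fails to parse on an instance you know to be older than 11.9.0 would still be worth a manual look.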


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Directus to version 11.9.0 or later, where the vulnerability is fixed by replacing the static version number in the OpenAPI specification with a dynamically generated hashed version. Until the upgrade can be performed, restrict access to the `/server/specs/oas` endpoint to trusted users or internal networks to prevent unauthenticated version disclosure. [2, 1]

