CVE-2025-57802
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-25

Last updated on: 2025-08-25

Assigner: GitHub, Inc.

Description
Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data). Because the container bind-mounts an arbitrary host path, these symlinks can point to sensitive locations on the host filesystem. When the application or other processes follow these symlinks, the attacker can gain unauthorized read access to host files outside the container. This issue has been patched in version 1.0.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-25
Last Modified
2025-08-25
Generated
2026-06-16
AI Q&A
2025-08-26
EPSS Evaluated
2026-06-14
NVD
CVE-2025-57802
EUVD
EUVD-2025-25728
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
airlinklabs daemon 1.0.1
airlinklabs daemon 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-61 The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in Airlink's Daemon version 1.0.0, which interfaces with Docker and the Panel to control instances. An attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data). Because the container bind-mounts an arbitrary host path, these symbolic links can point to sensitive locations on the host filesystem. When the application or other processes follow these symbolic links, the attacker can gain unauthorized read access to host files outside the container. This issue was fixed in version 1.0.1.

Impact Analysis

The vulnerability can allow an attacker who has access to the container to read sensitive files on the host system that should be inaccessible. This unauthorized read access can lead to exposure of confidential information, potentially compromising system security and privacy.

Mitigation Strategies

Upgrade Airlink's Daemon to version 1.0.1 or later, where this vulnerability has been patched. Additionally, restrict access to the affected container to trusted users only to prevent attackers from creating symbolic links inside the mounted directory.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57802. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart