CVE-2025-57802
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-08-25
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| airlinklabs | daemon | 1.0.1 |
| airlinklabs | daemon | 1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-61 | The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in Airlink's Daemon version 1.0.0, which interfaces with Docker and the Panel to control instances. An attacker with access to the affected container can create symbolic links inside the mounted directory (/app/data). Because the container bind-mounts an arbitrary host path, these symbolic links can point to sensitive locations on the host filesystem. When the application or other processes follow these symbolic links, the attacker can gain unauthorized read access to host files outside the container. This issue was fixed in version 1.0.1.
How can this vulnerability impact me? :
The vulnerability can allow an attacker who has access to the container to read sensitive files on the host system that should be inaccessible. This unauthorized read access can lead to exposure of confidential information, potentially compromising system security and privacy.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Airlink's Daemon to version 1.0.1 or later, where this vulnerability has been patched. Additionally, restrict access to the affected container to trusted users only to prevent attackers from creating symbolic links inside the mounted directory.