CVE-2025-65109
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-65109, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-21

Last updated on: 2025-11-21

Assigner: GitHub, Inc.

Description

Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to. This issue has been patched in Minder Helm version 0.20250203.3849+ref.fdc94f0 and Minder Go version 0.0.84.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-21
Last Modified
2025-11-21
Generated
2026-07-06
AI Q&A
2025-11-22
EPSS Evaluated
2026-07-04
NVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
minder minder_helm 0.20241106.3386+ref.2507dbf
minder minder_go 0.0.72
minder minder_go 0.0.84

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-830 The product includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the product, potentially granting total access and control of the product to the untrusted source.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in Minder Helm and Minder Go allows users to fetch content in the context of the Minder server, potentially accessing URLs that they would not normally have permission to access. This means that unauthorized content could be retrieved due to improper access controls in certain versions of Minder.

Impact Analysis

The vulnerability can lead to unauthorized access to restricted URLs or content, which may expose sensitive information or resources that should be protected. This can compromise the security of your environment by allowing users to access data or services they are not authorized to use.

Mitigation Strategies

To mitigate this vulnerability, update Minder Helm to version 0.20250203.3849+ref.fdc94f0 or later, and Minder Go to version 0.0.84 or later, as these versions contain the patch for the issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65109. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart