CVE-2025-65109
BaseFortify
Publication date: 2025-11-21
Last updated on: 2025-11-21
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| minder | minder_helm | 0.20241106.3386+ref.2507dbf |
| minder | minder_go | 0.0.72 |
| minder | minder_go | 0.0.84 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-830 | The product includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the product, potentially granting total access and control of the product to the untrusted source. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Minder Helm and Minder Go allows users to fetch content in the context of the Minder server, potentially accessing URLs that they would not normally have permission to access. This means that unauthorized content could be retrieved due to improper access controls in certain versions of Minder.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to restricted URLs or content, which may expose sensitive information or resources that should be protected. This can compromise the security of your environment by allowing users to access data or services they are not authorized to use.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Minder Helm to version 0.20250203.3849+ref.fdc94f0 or later, and Minder Go to version 0.0.84 or later, as these versions contain the patch for the issue.