CVE-2025-65109
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-21

Last updated on: 2025-11-21

Assigner: GitHub, Inc.

Description
Minder is an open source software supply chain security platform. In Minder Helm version 0.20241106.3386+ref.2507dbf and Minder Go versions from 0.0.72 to 0.0.83, Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to. This issue has been patched in Minder Helm version 0.20250203.3849+ref.fdc94f0 and Minder Go version 0.0.84.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-21
Last Modified
2025-11-21
Generated
2026-06-16
AI Q&A
2025-11-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-65109
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
minder minder_helm 0.20241106.3386+ref.2507dbf
minder minder_go 0.0.72
minder minder_go 0.0.84
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-830 The product includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the product, potentially granting total access and control of the product to the untrusted source.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Minder Helm and Minder Go allows users to fetch content in the context of the Minder server, potentially accessing URLs that they would not normally have permission to access. This means that unauthorized content could be retrieved due to improper access controls in certain versions of Minder.

Impact Analysis

The vulnerability can lead to unauthorized access to restricted URLs or content, which may expose sensitive information or resources that should be protected. This can compromise the security of your environment by allowing users to access data or services they are not authorized to use.

Mitigation Strategies

To mitigate this vulnerability, update Minder Helm to version 0.20250203.3849+ref.fdc94f0 or later, and Minder Go to version 0.0.84 or later, as these versions contain the patch for the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65109. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart