CVE-2025-66410
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-01
Last updated on: 2026-02-06
Assigner: GitHub, Inc.
Description
Description
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gin-vue-admin_project | gin-vue-admin | to 2.8.6 (exc) |
| gin-vue-admin | gin-vue-admin | 2.8.6 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Gin-vue-admin (version 2.8.6 and earlier) allows attackers to delete any file or folder on the server by manipulating the 'FileMd5' parameter. This can lead to damage or unavailability of server resources.
How can this vulnerability impact me? :
The vulnerability can cause significant damage by allowing attackers to delete any file or folder on the server, potentially leading to loss of important data and making server resources unavailable.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70