Nixpkgs security tracker
Dismissed
Permalink
CVE-2025-54003
9.8 CRITICAL
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
3 packages
- depotdownloader
- python312Packages.filedepot
- python313Packages.filedepot
- @LeSuisse dismissed
WordPress Depot theme <= 1.16 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Depot depot allows PHP Local File Inclusion.This issue affects Depot: from n/a through <= 1.16.
References
Affected products
depot
- =<<= 1.16
Ignored packages (3)
pkgs.depotdownloader
Steam depot downloader utilizing the SteamKit2 library
pkgs.python312Packages.filedepot
Toolkit for storing files and attachments in web applications
pkgs.python313Packages.filedepot
Toolkit for storing files and attachments in web applications