CVE-2025-24786

Description

WhoDB has a path traversal opening Sqlite3 database in github.com/clidey/whodb/core

How to fix CVE-2025-24786

To remediate CVE-2025-24786, upgrade the affected package to a fixed version below.

• Go/github.com/clidey/whodb/core—upgrade to 0.0.0-20250127172032-547336ac73c8 or later
• Go/github.com/clidey/whodb/core—upgrade to 0.0.0-20250127172032-547336ac73c8 or later

Is CVE-2025-24786 being exploited?

Likely — EPSS is 51.8%, placing CVE-2025-24786 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.

Affected packages (2)

• from 0, < 0.0.0-20250127172032-547336ac73c8
• from 0, < 0.0.0-20250127172032-547336ac73c8

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-24786
• PATCHgithub.com/clidey/whodb
• WEBgithub.com/clidey/whodb/blob/ba6eb81d0ca40baead74bca58b2567166999d6a6/core/src/plugins/sqlite3/db.go#L14-L20
• WEBgithub.com/clidey/whodb/blob/ba6eb81d0ca40baead74bca58b2567166999d6a6/core/src/plugins/sqlite3/db.go#L26