CVE-2025-67487
EPSS 0.06%Static Web Server vulnerable to a symbolic link path traversal
描述
### Summary Symbolic links (_symlinks_) could be used to access files or directories outside the intended web root folder. ### Details SWS generally does not prevent symlinks from escaping the web server’s root directory. Therefore, if a malicious actor gains access to the web server’s root directory, they could create symlinks to access other files outside the designated web root folder either by URL or via the directory listing. ### PoC - Serve a directory (web root) with SWS. - Create a symlink inside the web root that points to a file outside the web root. e.g. `ln -s escape.txt $HOME/.bashrc` - Open `http://localhost/escape.txt` in your browser. - The file content will be served. ### Impact Any web server that runs with elevated privileges (e.g., root/administrator) and handles user-supplied file uploads is primarily impacted.
受影響套件(1)
- crates.io/static-web-serverfrom 0, < 2.40.1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P |
參考連結(4)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-67487
- PATCHhttps://github.com/static-web-server/static-web-server
- WEBhttps://github.com/static-web-server/static-web-server/commit/308f0d26ceb9c2c8bd219315d0f53914763357f2
- WEBhttps://github.com/static-web-server/static-web-server/security/advisories/GHSA-459f-x8vq-xjjm