CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-21609

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. Commit d9887aeec1b27073bec66299a9a4181dc42969f3 fixes this vulnerability and is expected to be available in version 3.1.19.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.5%

CVSS Severity

CVSS v3 Score 9.1

References

https://github.com/siyuan-note/siyuan/commit/d9887aeec1b27073bec66299a9a4181dc42969f3
https://github.com/siyuan-note/siyuan/security/advisories/GHSA-8fx8-pffw-w498

Products affected by CVE-2025-21609

B3log » Siyuan » Version: 3.1.18

cpe:2.3:a:b3log:siyuan:3.1.18

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-21609

Products

Pricing

Contact Us