CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-35430

CISA Thorium does not adequately validate the paths of downloaded files via 'download_ephemeral' and 'download_children'. A remote, authenticated attacker could access arbitrary files subject to file system permissions. Fixed in 1.1.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.4%

CVSS Severity

CVSS v3 Score 5.0

References

https://github.com/cisagov/thorium/blob/main/api/src/utils/bounder.rs#L120-L158
https://github.com/cisagov/thorium/releases/tag/1.1.2
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json
https://www.cve.org/CVERecord?id=CVE-2025-35430

Products affected by CVE-2025-35430

Cisa » Thorium » Version: 1.0.0

cpe:2.3:a:cisa:thorium:1.0.0
Cisa » Thorium » Version: 1.1.0

cpe:2.3:a:cisa:thorium:1.1.0
Cisa » Thorium » Version: 1.1.1

cpe:2.3:a:cisa:thorium:1.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-35430

Products

Pricing

Contact Us