Suse
CVE-2025-24337
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.
AnalysisAI
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-281. WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini. Version information: through 0.15.1.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-281 – Improper Preservation of Permissions
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| Container suse/sl-micro/6.0/baremetal-os-container:latest Container suse/sl-micro/6.0/base-os-container:latest Container suse/sl-micro/6.0/kvm-os-container:latest Container suse/sl-micro/6.0/rt-os-container:latest Container suse/sl-micro/6.0/toolbox:latest | Affected |
| SUSE Linux Enterprise Server 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today