How to fix CVE-2025-24786?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Review file handling controls and restrict upload directories.

Is Whodb affected by CVE-2025-24786?

Organizations using WhoDB face critical risk from CVE-2025-24786, a path traversal vulnerability rated CVSS 10.0. This could allow attackers to access or modify files outside intended directories, potentially exposing sensitive configuration or credentials.

CVE-2025-24786

CRITICAL

2025-02-06 [email protected]

10.0

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:25 vuln.today

PoC Detected

Dec 31, 2025 - 14:31 vuln.today

Public exploit code

CVE Published

Feb 06, 2025 - 19:15 nvd

CRITICAL 10.0

Description

WhoDB is an open source database management tool. While the application only displays Sqlite3 databases present in the directory `/db`, there is no path traversal prevention in place. This allows an unauthenticated attacker to open any Sqlite3 database present on the host machine that the application is running on. Affected versions of WhoDB allow users to connect to Sqlite3 databases. By default, the databases must be present in `/db/` (or alternatively `./tmp/` if development mode is enabled). If no databases are present in the default directory, the UI indicates that the user is unable to open any databases. The database file is an user-controlled value. This value is used in `.Join()` with the default directory, in order to get the full path of the database file to open. No checks are performed whether the database file that is eventually opened actually resides in the default directory `/db`. This allows an attacker to use path traversal (`../../`) in order to open any Sqlite3 database present on the system. This issue has been addressed in version 0.45.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Analysis

WhoDB open-source database management tool allows unauthenticated path traversal to access any SQLite3 database on the host machine. Beyond data exposure, affected versions enable reading sensitive system files and executing arbitrary commands through SQLite extensions, achieving full server compromise.

Technical Context

WhoDB restricts its UI to showing databases in /db but has no server-side path traversal prevention. An attacker can open any SQLite3 database on the host by manipulating the path parameter. Furthermore, vulnerable versions allow loading SQLite extensions, which can execute arbitrary native code, and reading arbitrary files through SQLite's readfile() function.

Affected Products

['WhoDB (affected versions)']

Remediation

Update to a patched version. Implement path canonicalization and validation. Disable SQLite extension loading. Restrict WhoDB access to trusted networks with authentication.

Priority Score

121

Low Medium High Critical

KEV: 0

EPSS: +51.3

CVSS: +50

POC: +20

Vendor Status

CVE-2025-24786 vulnerability details – vuln.today

Back

CVE-2025-24786

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-24786

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code