How to fix CVE-2025-49588?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Is Linkwarden affected by CVE-2025-49588?

Organizations using Linkwarden face significant risk from CVE-2025-49588 rated CVSS 8.7. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems.

Linkwarden CVE-2025-49588

EUVD-2025-19714 HIGH

External Control of File Name or Path (CWE-73)

2025-07-02 [email protected]

Information Disclosure

8.7

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 01:55 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 01:55 euvd

EUVD-2025-19714

CVE Published

Jul 02, 2025 - 14:15 nvd

HIGH 8.7

DescriptionNVD

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In version 2.10.2, the server accepts links of format file:///etc/passwd and doesn't do any validation before sending them to parsers and playwright, this can result in leak of other user's links (and in some cases it might be possible to leak environment secrets). This issue has been patched in version 2.10.3 which has not been made public at time of publication.

AnalysisAI

A remote code execution vulnerability in Linkwarden (CVSS 8.7). High severity vulnerability requiring prompt remediation.

Technical ContextAI

Vulnerability type: remote code execution. CVSS 8.7 indicates high severity. Affects Linkwarden.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-49588 vulnerability details – vuln.today

Back